5.3
CVE-2022-41414
- EPSS 0.2%
- Veröffentlicht 07.10.2022 18:15:22
- Zuletzt bearbeitet 21.11.2024 07:23:10
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Liferay Portal Version >= 7.0.0 <= 7.4.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.417 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.