6.5

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Data provided by the National Vulnerability Database (NVD)
| Vendor | Product | Version | Update |
|---|---|---|---|
| Liferay | Digital Experience Platform | 7.2 | - |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_1 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_10 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_11 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_12 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_13 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_14 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_15 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_16 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_17 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_18 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_2 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_3 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_4 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_5 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_6 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_7 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_8 |
| Liferay | Digital Experience Platform | 7.2 | fix_pack_9 |
| Liferay | Dxp | 7.3 | - |
| Liferay | Dxp | 7.3 | sp1 |
| Liferay | Dxp | 7.3 | sp2 |
| Liferay | Dxp | 7.3 | sp3 |
| Liferay | Dxp | 7.3 | update_1 |
| Liferay | Dxp | 7.3 | update_2 |
| Liferay | Dxp | 7.3 | update_3 |
| Liferay | Dxp | 7.3 | update_4 |
| Liferay | Dxp | 7.3 | update_5 |
| Liferay | Dxp | 7.4 | - |
| Liferay | Dxp | 7.4 | update_1 |
| Liferay | Dxp | 7.4 | update_10 |
| Liferay | Dxp | 7.4 | update_11 |
| Liferay | Dxp | 7.4 | update_12 |
| Liferay | Dxp | 7.4 | update_13 |
| Liferay | Dxp | 7.4 | update_14 |
| Liferay | Dxp | 7.4 | update_15 |
| Liferay | Dxp | 7.4 | update_16 |
| Liferay | Dxp | 7.4 | update_17 |
| Liferay | Dxp | 7.4 | update_18 |
| Liferay | Dxp | 7.4 | update_19 |
| Liferay | Dxp | 7.4 | update_2 |
| Liferay | Dxp | 7.4 | update_20 |
| Liferay | Dxp | 7.4 | update_21 |
| Liferay | Dxp | 7.4 | update_22 |
| Liferay | Dxp | 7.4 | update_23 |
| Liferay | Dxp | 7.4 | update_24 |
| Liferay | Dxp | 7.4 | update_25 |
| Liferay | Dxp | 7.4 | update_26 |
| Liferay | Dxp | 7.4 | update_3 |
| Liferay | Dxp | 7.4 | update_4 |
| Liferay | Dxp | 7.4 | update_5 |
| Liferay | Dxp | 7.4 | update_6 |
| Liferay | Dxp | 7.4 | update_7 |
| Liferay | Dxp | 7.4 | update_8 |
| Liferay | Dxp | 7.4 | update_9 |
| Liferay | Liferay Portal | >= 7.2.0 < 7.4.3.26 | |

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.539 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| security@liferay.com | 4.1 | 2.3 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L |

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.