6.9
CVE-2025-43793
- EPSS 0.27%
- Veröffentlicht 15.09.2025 15:34:11
- Zuletzt bearbeitet 16.09.2025 12:49:26
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain of a domain name and create a supercookie, which allows remote attackers who control a website that share the same TLD to read cookies set by the application.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerLiferay
≫
Produkt
Portal
Default Statusunaffected
Version <=
7.4.3.105
Version
7.4.0
Status
affected
HerstellerLiferay
≫
Produkt
DXP
Default Statusunaffected
Version <=
7.3.10-u35
Version
7.3.10
Status
affected
Version <=
7.4.13-u92
Version
7.4.13
Status
affected
Version <=
2023.Q3.4
Version
2023.Q3.1
Status
affected
Version
2023.Q4.0
Status
affected
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@liferay.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-1284 Improper Validation of Specified Quantity in Input
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.