CVE-2021-29041
MEDIUM6.5EPSS 0.51%Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
發布日:2022/5/24修改日:2025/5/14
描述
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.
受影響套件(1)
- Maven/com.liferay.portal:release.dxp.bomfrom 0, < 7.3.10.fp1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |