Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’s TOTP to authenticate as the user.
CVSS Information
N/A
Vulnerability Type
认证中关键步骤缺失
Vulnerability Title
Liferay DXP 安全漏洞
Vulnerability Description
Liferay DXP是美国Liferay公司的一套数字化体验协作平台。 Liferay DXP存在安全漏洞,该漏洞源于一次性密码在有效期内可重复使用,可能导致攻击者利用用户的一次性密码进行身份验证。以下版本受到影响:2023.Q4.0版本、2023.Q3.1版本至2023.Q3.4版本、7.4 GA版本至update 92版本和7.3 GA版本至update 35版本。
CVSS Information
N/A
Vulnerability Type
N/A