Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33949 Vulnerability in maven package com.liferay.portal:release.portal.bom

Description

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949

Related Vulnerabilities

CVE-2019-16543 Vulnerability in maven package com.inflectra.spiratest.plugins:inflectra-spira-integration

CVE-2023-33003 Vulnerability in maven package org.jenkins-ci.plugins:tag-profiler

CVE-2020-2256 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-maven-parent

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2020-1942 Vulnerability in maven package org.apache.nifi:nifi-framework

Severity

High

Classification

CWE-1188 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Vendor Advisory