Home > Vulnerability Database > CVE-2023-47798

Mend.io Vulnerability Database

CVE-2023-47798

Good to know:

Date: February 7, 2024

Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.

Language: JSP

Severity Score

5.4

Related Resources (4)

Url: https://github.com/liferay/liferay-portal

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-47798

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47798

Url: https://www.mend.io/vulnerability-database/CVE-2023-47798

Severity Score

5.4

Weakness Type (CWE)

Session Fixation

CWE-384

Top Fix

Upgrade Version

Upgrade to version 7.4.3.27-ga27

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-47798

Good to know:

Date: February 7, 2024

Language: JSP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?