Home > Vulnerability Database > CVE-2024-25144

Mend.io Vulnerability Database

CVE-2024-25144

Good to know:

Date: February 7, 2024

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Language: JSP

Severity Score

4.1

Related Resources (4)

Url: https://github.com/liferay/liferay-portal

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-25144

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144

Url: https://www.mend.io/vulnerability-database/CVE-2024-25144

Severity Score

4.1

Weakness Type (CWE)

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Excessive Iteration

CWE-834

Top Fix

Upgrade Version

Upgrade to version 7.4.3.27-ga27

Learn More

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-25144

Good to know:

Date: February 7, 2024

Language: JSP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?