CVE-2022-41414 – com.liferay.portal:com.liferay.portal.impl
Package
Manager: maven
Name: com.liferay.portal:com.liferay.portal.impl
Vulnerable Version: >=0 <8.0.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00099 (percentile: 0.28244)
Details
Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
Metadata
Created: 2022-10-07T18:15:40Z
Modified: 2025-07-16T16:00:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-9427-7f65-88c8/GHSA-9427-7f65-88c8.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-9427-7f65-88c8
Finding: F164
Auto approve: 1