CVE-2022-41414 – com.liferay.portal:release.portal.bom
Package
Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=7.0.0-a1 <7.4.2-ga3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00099 (percentile: 0.28232)
Details
Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
Metadata
Created: 2022-10-07T18:15:40Z
Modified: 2025-07-16T16:00:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-9427-7f65-88c8/GHSA-9427-7f65-88c8.json
CWE IDs: ["CWE-276"]
Alternative ID: GHSA-9427-7f65-88c8
Finding: F164
Auto approve: 1