logo

Database

Improper authorization control for web services In com.liferay.portal:release.dxp.bom

Description

Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-290412. NVD-2021-290413. OSV-2021-290414. GCVE-2021-29041

References

1. https://issues.liferay.com/browse/LPE-171312. http://liferay.com

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.