Home
MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:NDefault status
unaffected
7.4.3.121 (maven)
affected
Default status
unaffected
2024.Q1.1 (maven)
affected
2024.Q2.0 (maven)
affected
2024.Q3.1 (maven)
affected
2024.Q4.0 (maven)
affected
Description
A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an remote non-authenticated attacker to reuse old user session by SLO API
Problem types
CWE-613 Insufficient Session Expiration
Product status
7.4.3.121 (maven)
2024.Q1.1 (maven)
2024.Q2.0 (maven)
2024.Q3.1 (maven)
2024.Q4.0 (maven)
References
liferay.dev/...-/asset_publisher/jekt/content/CVE-2025-43819