CVE-2024-26268

🗓️ 20 Feb 2024 13:17:28Reported by LiferayType

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26 and older version

Reporter	Title	Published	Views	Family All 15
Circl	CVE-2024-26268	21 Feb 202414:03	–	circl
CNNVD	Liferay Portal and Liferay DXP Security Vulnerabilities	20 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-26268	20 Feb 202413:17	–	cvelist
EUVD	EUVD-2024-23542	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal and Liferay DXP User Enumeration Vulnerability	20 Feb 202415:31	–	github
NCSC	Vulnerabilities fixed in Liferay Portal and DXP	22 Feb 202400:00	–	ncsc
NVD	CVE-2024-26268	20 Feb 202414:15	–	nvd
OSV	CVE-2024-26268	20 Feb 202414:15	–	osv
OSV	GHSA-QM43-G2XJ-HVG5 Liferay Portal and Liferay DXP User Enumeration Vulnerability	20 Feb 202415:31	–	osv
Prion	Design/Logic Flaw	20 Feb 202414:15	–	prion

NVD

Vulners

Vulnrichment

Node

liferay liferay_portalRange≤7.3.7

liferay liferay_portalRange7.4.0–7.4.3.27

Node

liferay digital_experience_platformRange<7.2

liferay digital_experience_platformMatch7.2-

liferay digital_experience_platformMatch7.2fix_pack_1

liferay digital_experience_platformMatch7.2fix_pack_10

liferay digital_experience_platformMatch7.2fix_pack_11

liferay digital_experience_platformMatch7.2fix_pack_12

liferay digital_experience_platformMatch7.2fix_pack_13

liferay digital_experience_platformMatch7.2fix_pack_14

liferay digital_experience_platformMatch7.2fix_pack_15

liferay digital_experience_platformMatch7.2fix_pack_16

liferay digital_experience_platformMatch7.2fix_pack_17

liferay digital_experience_platformMatch7.2fix_pack_18

liferay digital_experience_platformMatch7.2fix_pack_19

liferay digital_experience_platformMatch7.2fix_pack_2

liferay digital_experience_platformMatch7.2fix_pack_3

liferay digital_experience_platformMatch7.2fix_pack_4

liferay digital_experience_platformMatch7.2fix_pack_5

liferay digital_experience_platformMatch7.2fix_pack_6

liferay digital_experience_platformMatch7.2fix_pack_7

liferay digital_experience_platformMatch7.2fix_pack_8

liferay digital_experience_platformMatch7.2fix_pack_9

liferay digital_experience_platformMatch7.2service_pack_1

liferay digital_experience_platformMatch7.2service_pack_2

liferay digital_experience_platformMatch7.2service_pack_3

liferay digital_experience_platformMatch7.2service_pack_4

liferay digital_experience_platformMatch7.2service_pack_5

liferay digital_experience_platformMatch7.2service_pack_6

liferay digital_experience_platformMatch7.2service_pack_7

liferay digital_experience_platformMatch7.3-

liferay digital_experience_platformMatch7.3fix_pack_1

liferay digital_experience_platformMatch7.3fix_pack_2

liferay digital_experience_platformMatch7.3service_pack_1

liferay digital_experience_platformMatch7.3service_pack_3

liferay digital_experience_platformMatch7.3update4

liferay digital_experience_platformMatch7.3update5

liferay digital_experience_platformMatch7.3update6

liferay digital_experience_platformMatch7.3update7

liferay digital_experience_platformMatch7.4-

liferay digital_experience_platformMatch7.4update1

liferay digital_experience_platformMatch7.4update10

liferay digital_experience_platformMatch7.4update11

liferay digital_experience_platformMatch7.4update12

liferay digital_experience_platformMatch7.4update13

liferay digital_experience_platformMatch7.4update14

liferay digital_experience_platformMatch7.4update15

liferay digital_experience_platformMatch7.4update16

liferay digital_experience_platformMatch7.4update17

liferay digital_experience_platformMatch7.4update18

liferay digital_experience_platformMatch7.4update19

liferay digital_experience_platformMatch7.4update2

liferay digital_experience_platformMatch7.4update20

liferay digital_experience_platformMatch7.4update21

liferay digital_experience_platformMatch7.4update22

liferay digital_experience_platformMatch7.4update23

liferay digital_experience_platformMatch7.4update24

liferay digital_experience_platformMatch7.4update25

liferay digital_experience_platformMatch7.4update26

liferay digital_experience_platformMatch7.4update3

liferay digital_experience_platformMatch7.4update4

liferay digital_experience_platformMatch7.4update5

liferay digital_experience_platformMatch7.4update6

liferay digital_experience_platformMatch7.4update7

liferay digital_experience_platformMatch7.4update8

liferay digital_experience_platformMatch7.4update9

[
  {
    "defaultStatus": "unknown",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.26",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13.u26",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10.u7",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-19",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268

28 Jan 2025 21:37Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.3

EPSS0.00304

SSVC

CWE-203