13 matches found
CVE-2025-62250
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error which can be triggered via unauthenticated cluster messages. An attacker can inject malicious data into the cluster. Remediation Upgrade com.liferay:com.liferay.portal.cluster.multiple to version 5.0.35 or higher...
EUVD-2025-35186
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
GHSA-6PGJ-W687-9C8C Liferay Portal fails to verify messages from the cluster network is trusted
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
Liferay Portal fails to verify messages from the cluster network is trusted
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
CVE-2025-62250
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
CVE-2025-62250
CVE-2025-62250 describes an Improper Authentication flaw in Liferay Portal/DXP where remote attackers can send unauthenticated cluster messages that are treated as trusted data. Affected products include Liferay Portal 7.4.0 through 7.4.3.132 and older unsupported versions, and Liferay DXP 2023.Q...
CVE-2025-62250
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to send malicious data to the Lifer...
Juniper Networks Junos Space Man-in-the-Middle Attack Vulnerability
Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Networks Junos Space prior to version 17.1R1 tha...
CVE-2017-10623
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
CVE-2017-10623 Junos Space: Insufficient verification of cluster messages
Lack of authentication and authorization of cluster messages in Juniper Networks Junos Space may allow a man-in-the-middle type of attacker to intercept, inject or disrupt Junos Space cluster operations between two nodes. Affected releases are Juniper Networks Junos Space all versions prior to...
CVE-2017-10623
CVE-2017-10623 affects Juniper Networks Junos Space: lack of authentication and authorization for cluster messages can enable a man-in-the-middle attacker to intercept, inject, or disrupt cluster operations between two nodes. Affected are Junos Space releases prior to 17.1R1. The provided documen...
JGroups: Authorization bypass
It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information...