2 matches found
CVE-2023-47798
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked...
CVE-2023-47798
CVE-2023-47798 affects Liferay Portal 7.2.0–7.3.0 and older unsupported versions, and Liferay DXP 7.2 before fix pack 5. The issue is that account lockout does not invalidate existing user sessions, allowing remote authenticated users to remain authenticated after lockout. Root cause: session per...