8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Liferay Portal is vulnerable to Weak Cryptographic Hash. The vulnerability exists due to the default password hashing algorithm (PBKDF2-HMAC-SHA1) having a low work factor in the Liferay Portal. It allows attackers to crack password hashes quickly, potentially compromising user accounts and gaining unauthorized access to sensitive data or performing malicious actions within the Liferay Portal or Liferay DXP instances.
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.1 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%