CVE-2022-41414
published 2022-10-07CVE-2022-41414: An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | liferay_portal | 7.0.0 – 7.4.2 | — |