Liferay Portal Insufficient Session Expiration Vulnerability - CVE-2021-33322 - Vulnerability Database

Liferay Portal Insufficient Session Expiration Vulnerability - CVE-2021-33322

High
Reference: CVE-2021-33322
Title: Liferay Portal Insufficient Session Expiration Vulnerability
Overview:

In Liferay Portal 7.3.0 and earlier and Liferay DXP 7.0 before fix pack 96 7.1 before fix pack 18 and 7.2 before fix pack 5 password reset tokens are not invalidated after a user changes their password which allows remote attackers to change the users password via the old password reset token.