Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay DXP Insufficient Session Expiration Vulnerability - CVE-2021-33322 - Vulnerability Database
Liferay DXP

Liferay DXP Insufficient Session Expiration Vulnerability - CVE-2021-33322

High
Reference: CVE-2021-33322
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-33322
Title: Liferay DXP Insufficient Session Expiration Vulnerability
Overview:

In Liferay Portal 7.3.0 and earlier and Liferay DXP 7.0 before fix pack 96 7.1 before fix pack 18 and 7.2 before fix pack 5 password reset tokens are not invalidated after a user changes their password which allows remote attackers to change the users password via the old password reset token.