What is CVE-2024-25607?

CVE-2024-25607 is a high-severity vulnerability in Liferay Dxp, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.1/10. Published 2024-02-20.

How severe is CVE-2024-25607?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Liferay Dxp

CVE-2024-25607

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported ve…

EPSS: 0.001 (27.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Liferay Dxp — versions 7.4.13, 7.3.10, 7.2.10
Liferay Portal — versions 7.2.0

Weakness classification (CWE)

CWE-916 — Use of Password Hash With Insufficient Computational Effort

References

liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/conten… (vendor-advisory)

Frequently asked questions

What is CVE-2024-25607?: CVE-2024-25607 is a high-severity vulnerability in Liferay Dxp, classified under Use of Password Hash With Insufficient Computational Effort. CVSS score: 8.1/10. Published 2024-02-20.
How severe is CVE-2024-25607?: High severity. CVSS v3 base score is 8.1 out of 10.