CVE-2022-41414

MEDIUM

Liferay Portal <7.4.2 - Info Disclosure

Title source: llm

Description

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.

References (1)

Core 1

Core References

Not Applicable

https://portal.liferay.dev/learn/security/known-vulnerabilities

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 42.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-276

Status published

Products (3)

com.liferay.portal/com.liferay.portal.impl 0 - 8.0.0Maven

com.liferay.portal/release.portal.bom 7.0.0-a1 - 7.4.2-ga3Maven

liferay/liferay_portal 7.0.0 - 7.4.2

Published Oct 07, 2022

Tracked Since Feb 18, 2026