CNNVD-202509-1982 Information
CNNVD ID
CNNVD-202509-1982
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
Liferay DXP是美国Liferay公司的一套数字化体验协作平台。 Liferay DXP存在安全漏洞,该漏洞源于一次性密码在有效期内可重复使用,可能导致攻击者利用用户的一次性密码进行身份验证。以下版本受到影响:2023.Q4.0版本、2023.Q3.1版本至2023.Q3.4版本、7.4 GA版本至update 92版本和7.3 GA版本至update 35版本。
Description (English)
Liferay DXP is a digitized experience collaborative platform for the American company Liferay. Liferay DXP had a security loophole, which stemmed from the possibility that one-time passwords could be reused during their validity period, which could lead to the attackers using the user ’ s one-time password for identification purposes. The following versions were affected: 2023.Q4.0, 2023.Q3.1 to 2023.Q3.4, 7.4 GA to update 92 and 7.3 GA to update 35.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Lightdash
Published
2025-09-15
Last Modified
2026-02-24
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43798 https://access.redhat.com/security/cve/cve-2025-43798
Patch
https://www.liferay.com/zh/downloads-community
Share on: