CVE-2021-29040 Information

Description

The JSON web services in Liferay Portal 7.3.4 and earlier and Liferay DXP 7.0 before fix pack 97 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages which allows remote attackers to use the contents of error messages to help launch another more focused attacks via crafted inputs.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743429 http://liferay.com

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3