CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-29047

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120743467

Products affected by CVE-2021-29047

Liferay » Dxp » Version: N/A

cpe:2.3:a:liferay:dxp:-
Liferay » Dxp » Version: 7.0

cpe:2.3:a:liferay:dxp:7.0
Liferay » Dxp » Version: 7.1

cpe:2.3:a:liferay:dxp:7.1
Liferay » Dxp » Version: 7.2

cpe:2.3:a:liferay:dxp:7.2
Liferay » Dxp » Version: 7.3

cpe:2.3:a:liferay:dxp:7.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29047

Products

Pricing

Contact Us