CVE-2024-25144
08.02.2024, 04:15
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.
| Vendor | Product | Version |
|---|---|---|
| liferay | digital_experience_platform | 7.2 |
| liferay | digital_experience_platform | 7.2:fix_pack_1 |
| liferay | digital_experience_platform | 7.2:fix_pack_10 |
| liferay | digital_experience_platform | 7.2:fix_pack_11 |
| liferay | digital_experience_platform | 7.2:fix_pack_12 |
| liferay | digital_experience_platform | 7.2:fix_pack_13 |
| liferay | digital_experience_platform | 7.2:fix_pack_14 |
| liferay | digital_experience_platform | 7.2:fix_pack_15 |
| liferay | digital_experience_platform | 7.2:fix_pack_16 |
| liferay | digital_experience_platform | 7.2:fix_pack_17 |
| liferay | digital_experience_platform | 7.2:fix_pack_18 |
| liferay | digital_experience_platform | 7.2:fix_pack_2 |
| liferay | digital_experience_platform | 7.2:fix_pack_3 |
| liferay | digital_experience_platform | 7.2:fix_pack_4 |
| liferay | digital_experience_platform | 7.2:fix_pack_5 |
| liferay | digital_experience_platform | 7.2:fix_pack_6 |
| liferay | digital_experience_platform | 7.2:fix_pack_7 |
| liferay | digital_experience_platform | 7.2:fix_pack_8 |
| liferay | digital_experience_platform | 7.2:fix_pack_9 |
| liferay | dxp | 7.3 |
| liferay | dxp | 7.3:sp1 |
| liferay | dxp | 7.3:sp2 |
| liferay | dxp | 7.3:sp3 |
| liferay | dxp | 7.3:update_1 |
| liferay | dxp | 7.3:update_2 |
| liferay | dxp | 7.3:update_3 |
| liferay | dxp | 7.3:update_4 |
| liferay | dxp | 7.3:update_5 |
| liferay | dxp | 7.4 |
| liferay | dxp | 7.4:update_1 |
| liferay | dxp | 7.4:update_10 |
| liferay | dxp | 7.4:update_11 |
| liferay | dxp | 7.4:update_12 |
| liferay | dxp | 7.4:update_13 |
| liferay | dxp | 7.4:update_14 |
| liferay | dxp | 7.4:update_15 |
| liferay | dxp | 7.4:update_16 |
| liferay | dxp | 7.4:update_17 |
| liferay | dxp | 7.4:update_18 |
| liferay | dxp | 7.4:update_19 |
| liferay | dxp | 7.4:update_2 |
| liferay | dxp | 7.4:update_20 |
| liferay | dxp | 7.4:update_21 |
| liferay | dxp | 7.4:update_22 |
| liferay | dxp | 7.4:update_23 |
| liferay | dxp | 7.4:update_24 |
| liferay | dxp | 7.4:update_25 |
| liferay | dxp | 7.4:update_26 |
| liferay | dxp | 7.4:update_3 |
| liferay | dxp | 7.4:update_4 |
| liferay | dxp | 7.4:update_5 |
| liferay | dxp | 7.4:update_6 |
| liferay | dxp | 7.4:update_7 |
| liferay | dxp | 7.4:update_8 |
| liferay | dxp | 7.4:update_9 |
| liferay | liferay_portal | 7.2.0 ≤ 𝑥 < 7.4.3.26 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
- CWE-834 - Excessive IterationThe software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.