{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T09:53:24.343","vulnerabilities":[{"cve":{"id":"CVE-2024-26270","sourceIdentifier":"security@liferay.com","published":"2024-02-20T14:15:09.530","lastModified":"2025-01-28T21:25:41.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password."},{"lang":"es","value":"La página Configuración de Cuenta en Liferay Portal 7.4.3.76 a 7.4.3.99, y Liferay DXP 2023.Q3 antes del parche 5, y 7.4 actualización 76 a 92 incorpora la contraseña hash del usuario en el código fuente HTML de la página, lo que permite al hombre en el atacantes intermedios para robar la contraseña hash de un usuario."}],"metrics":{"cvssMetricV31":[{"source":"security@liferay.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}]},"weaknesses":[{"source":"security@liferay.com","type":"Secondary","description":[{"lang":"en","value":"CWE-201"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.3.76","versionEndExcluding":"7.4.3.100","matchCriteriaId":"2DB383E5-7A0E-46A2-AB91-E4536889A6DB"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*","matchCriteriaId":"7E325115-EEBC-41F4-8606-45270DA40B98"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*","matchCriteriaId":"848B2C72-447D-46E2-A5A7-43CF3764E578"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*","matchCriteriaId":"26A0AF15-52A9-46FD-8157-359141332EAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*","matchCriteriaId":"63D63872-C1D0-444F-BCC7-A514F323C256"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*","matchCriteriaId":"9D9FA9AD-39D3-412A-B794-E1B29EEEEC4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*","matchCriteriaId":"294D8A56-A797-433C-A06E-106B2179151A"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*","matchCriteriaId":"824D88D9-4645-4CAD-8CAB-30F27DD388C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*","matchCriteriaId":"F6E8C952-B455-46E4-AC3D-D38CAF189F60"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*","matchCriteriaId":"CD77C0EE-AC79-4443-A502-C1E02F806911"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*","matchCriteriaId":"648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*","matchCriteriaId":"39835EF7-8E93-4695-973D-6E9B76C67372"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*","matchCriteriaId":"2A05FB86-332B-44E3-93CB-82465A38976E"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*","matchCriteriaId":"7C754823-899C-4EEF-ACB7-E1551FA88B25"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*","matchCriteriaId":"493D4C18-DEE2-4040-9C13-3A9AB2CE47BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*","matchCriteriaId":"8F17DD75-E63B-4E4C-B136-D43F17B389EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*","matchCriteriaId":"62EE759A-78AD-40D6-8C5B-10403A8A4A89"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*","matchCriteriaId":"865ABA1F-CA99-4602-B325-F81C9778855C"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*","matchCriteriaId":"B7B3A5E2-23CE-45A8-BD01-77024EB9F9A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*","matchCriteriaId":"1EF6451A-2A5D-4222-A1C6-113AA4B8D4E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*","matchCriteriaId":"9D6CE430-3C95-4855-BA44-E2E136D1FEB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*","matchCriteriaId":"44FEB149-C792-493D-B055-568FFC96298A"},{"vulnerable":true,"criteria":"cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*","matchCriteriaId":"B050DD73-71B6-46CD-A35B-7ACB53BE6C6A"}]}]}],"references":[{"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270","source":"security@liferay.com","tags":["Vendor Advisory"]},{"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}