The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 and then attackers can run scripts in the Gogo shell
{
"unresolved_ranges": [
{
"source": "CPE_RANGE",
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*"
],
"vendor_product": "liferay:digital_experience_platform",
"extracted_events": [
{
"introduced": "2024.q1.1"
},
{
"last_affected": "2024.q1.19"
},
{
"introduced": "2024.q2.0"
},
{
"last_affected": "2024.q2.13"
},
{
"introduced": "2024.Q3.0"
},
{
"last_affected": "2024.Q3.13"
},
{
"introduced": "2024.q4.0"
},
{
"last_affected": "2024.q4.7"
},
{
"introduced": "2025.q1.0"
},
{
"last_affected": "2025.q1.15"
}
]
},
{
"source": "CPE_STRING",
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:7.4:*:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*"
],
"vendor_product": "liferay:digital_experience_platform",
"extracted_events": [
{
"introduced": "7.4"
},
{
"last_affected": "7.4"
},
{
"introduced": "7.4-update80"
},
{
"last_affected": "7.4-update80"
},
{
"introduced": "7.4-update81"
},
{
"last_affected": "7.4-update81"
},
{
"introduced": "7.4-update82"
},
{
"last_affected": "7.4-update82"
},
{
"introduced": "7.4-update83"
},
{
"last_affected": "7.4-update83"
},
{
"introduced": "7.4-update84"
},
{
"last_affected": "7.4-update84"
},
{
"introduced": "7.4-update85"
},
{
"last_affected": "7.4-update85"
},
{
"introduced": "7.4-update86"
},
{
"last_affected": "7.4-update86"
},
{
"introduced": "7.4-update87"
},
{
"last_affected": "7.4-update87"
},
{
"introduced": "7.4-update88"
},
{
"last_affected": "7.4-update88"
},
{
"introduced": "7.4-update89"
},
{
"last_affected": "7.4-update89"
},
{
"introduced": "7.4-update90"
},
{
"last_affected": "7.4-update90"
},
{
"introduced": "7.4-update91"
},
{
"last_affected": "7.4-update91"
},
{
"introduced": "7.4-update92"
},
{
"last_affected": "7.4-update92"
}
]
}
]
}