How severe is CVE-2023-33949?

CVE-2023-33949 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2023-33949

Name: liferay_portal
Author: liferay

5.3MEDIUM

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts us

公開日: 5/24/2023更新日: 1/9/2026

説明

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

AI分析AIによる分析

影響を受ける製品

liferaydigital_experience_platform

liferayliferay_portal

7.3.0

参照

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33949
Vendor Advisory