CVE-2023-33949

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-1188
View all →

Vulnerability Description

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.

Related Vulnerabilities

CVE-2017-6750

HIGH
CVSS:7.5(High)

A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticated...

CWE-11882017

CVE-2019-13393

HIGH
CVSS:7.5(High)

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Au...

CWE-11882019

CVE-2019-20470

HIGH
CVSS:7.5(High)

An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the wa...

CWE-11882019

CVE-2019-25219

HIGH
CVSS:7.5(High)

Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no associated error information from the SSL library being used.

CWE-11882019

CVE-2020-11489

HIGH
CVSS:7.5(High)

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SN...

CWE-11882020