Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-08T02:55:43.923Z
Updated: 2024-02-08T02:55:43.923Z
Reserved: 2023-11-10T01:49:20.188Z
Link: CVE-2023-47798
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-02-08T03:15:07.367
Modified: 2024-02-08T03:29:33.180
Link: CVE-2023-47798
JSON object: View
Redhat Information
No data.
CWE