CVE-2021-29047
First published: Sun May 16 2021(Updated: )
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | <7.3 | |
| Liferay 7.4 GA | =7.3 | |
| Liferay 7.4 GA | =7.3.4 | |
| Liferay 7.4 GA | =7.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-29047?
CVE-2021-29047 is rated as a medium severity vulnerability due to its potential for abuse in bypassing CAPTCHA protections.
How do I fix CVE-2021-29047?
To fix CVE-2021-29047, upgrade to Liferay Portal 7.3.6 or later versions including Liferay DXP 7.3 with fix pack 1.
What does CVE-2021-29047 affect?
CVE-2021-29047 affects Liferay Portal versions 7.3.4 and 7.3.5, as well as Liferay DXP 7.3 prior to fix pack 1.
What is the impact of CVE-2021-29047?
The impact of CVE-2021-29047 allows remote attackers to reuse CAPTCHA answers, enabling them to bypass security measures.
Is CVE-2021-29047 remotely exploitable?
Yes, CVE-2021-29047 is remotely exploitable, allowing attackers to perform protected actions by reusing CAPTCHA responses.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/liferay
- canonical/liferay 7.4 ga
- version/liferay 7.4 ga/7.3
- version/liferay 7.4 ga/7.3.4
- version/liferay 7.4 ga/7.3.5