The following issue may compromise the security of your Liferay Digital Experience Platform (DXP) implementation. This notification provides a description of the latest security vulnerability and recommended actions for Liferay Subscribers.

Liferay strongly recommends customers to review their Liferay Digital Experience Platform (DXP) environments immediately to make sure they are running on a patch level where this vulnerability is already fixed (see the fixed versions below). If customers choose to not update to the appropriate patch level, please follow the workaround described here.

Affected Version/s

• Liferay Digital Experience Platform 7.3

Vulnerability Information

• LSV-766 (SEV-2): Modifying another user's TOTP Multi-Factor Authentication settings

Download

The listed vulnerability will be fixed under DXP 7.3 Fix Pack 1+/Service Pack 1+.

For more information on the vulnerabilities and affected versions for the issue, please visit the Help Center Security Advisories page.