209 matches found

CNNVD
added 2022/11/14 12:0 a.m., 4 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS 4.3, AI score 5.2, EPSS 0.0073
Exploits: 0, References: 5

Github Security Blog
added 2022/05/24 7:9 p.m., 13 views

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

CVSS 4.3, AI score 6.6, EPSS 0.00885
Exploits: 0, References: 4, Affected Software: 2

Microsoft KB
added 2022/05/12 7:0 a.m., 307 views

May 10, 2022—KB5013952 (OS Build 14393.5125) - EXPIRED

May 10, 2022—KB5013952 OS Build 14393.5125 - EXPIRED. EXPIRATION NOTICE: IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- Note: To improve th...

CVSS 9.8, AI score 6.9, EPSS 0.76766
Exploits: 3

vulnersOsv
added 2022/04/16 12:0 a.m., 1 view

com.liferay:com.liferay.dynamic.data.lists.form.web (>=1.0.0 <=2.0.14), com.liferay:com.liferay.dynamic.data.mapping.form.renderer (>=2.0.0 <=2.1.15) +17 more potentially affected by CVE-2022-26594 via com.liferay:com.liferay.dynamic.data.mapping.form.field.type (=2.0.0)

com.liferay:com.liferay.dynamic.data.mapping.form.field.type MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.dynamic.data.mapping.form.field.type and may be impacted: -...

CVSS 6.1, AI score 6.3, EPSS 0.00681
Exploits: 0

vulnersOsv
added 2022/03/03 12:0 a.m., 0 views

com.liferay:com.liferay.document.library.service (>=1.0.0 <=2.0.8), com.liferay:com.liferay.dynamic.data.lists.service (>=1.0.0 <=1.1.48) +10 more potentially affected by CVE-2021-38268 via com.liferay:com.liferay.dynamic.data.mapping.service (>=1.0.0 <=2.2.0)

com.liferay:com.liferay.dynamic.data.mapping.service MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.5, =1.0.30 Source cves: CVE-2021-38268 Source advisory: OSV:GHSA-F855-2RVM-5J7H...

CVSS 6.5, AI score 6.5, EPSS 0.0104
Exploits: 0

OSV
added 2022/03/03 12:0 a.m., 2 views

GHSA-F855-2RVM-5J7H Liferay Portal and Liferay DXP has incorrect default permissions for site members

The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users...

CVSS 6.5, AI score 6.2, EPSS 0.0104
Exploits: 0, References: 5

Github Security Blog
added 2022/03/03 12:0 a.m., 4 views

Liferay Portal and Liferay DXP has incorrect default permissions for site members

The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users...

CVSS 6.5, AI score 6.2, EPSS 0.0104
Exploits: 0, References: 5, Affected Software: 2

NVD
added 2022/03/02 7:15 p.m., 14 views

CVE-2021-38268

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site...

CVSS 6.5, EPSS 0.0104
Exploits: 0, References: 3

Prion
added 2022/03/02 7:15 p.m., 14 views

Design/Logic Flaw

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site...

CVSS 4, AI score 6.3, EPSS 0.0104
Exploits: 0, References: 3, Affected Software: 2

CVE
added 2022/03/02 6:45 p.m., 1196 views

CVE-2021-38268

CVE-2021-38268 affects Liferay Portal 7.0.0–7.3.6 and Liferay DXP 7.0–7.3 with the Dynamic Data Mapping module. The issue: default permissions for site members are set incorrectly, allowing remote authenticated users with the site member role to add and duplicate forms via the UI or the API. Affe...

CVSS 6.5, AI score 6.2, EPSS 0.0104
Exploits: 0, References: 3, Affected Software: 2

Cvelist
added 2022/03/02 6:45 p.m., 17 views

CVE-2021-38268

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users with the site...

AI score 6.4, EPSS 0.0104
Exploits: 0, References: 3

CNNVD
added 2022/03/02 12:0 a.m., 4 views

Liferay Portal Security Vulnerability

Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal...

CVSS 6.5, AI score 6.4, EPSS 0.0104
Exploits: 0, References: 4

NVD
added 2021/08/03 9:15 p.m., 24 views

CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

CVSS 4.3, EPSS 0.00885
Exploits: 0, References: 2

OSV
added 2021/08/03 9:15 p.m., 15 views

CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

CVSS 4.3, AI score 6.7
Exploits: 0, References: 2

Cvelist
added 2021/08/03 8:52 p.m., 28 views

CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

AI score 4.9, EPSS 0.00885
Exploits: 0, References: 2

CVE
added 2021/08/03 8:52 p.m., 82 views

CVE-2021-33334

CVE-2021-33334 affects Liferay Portal 7.0.0–7.3.2 and Liferay DXP 7.0 (pre-fix pack 94), 7.1 (pre-fix pack 19), and 7.2 (pre-fix pack 6). The Dynamic Data Mapping module does not properly enforce user permissions, allowing remote attackers with the forms "Access in Site Administration" permission...

CVSS 4.3, AI score 4.5, EPSS 0.00885
Exploits: 0, References: 2, Affected Software: 2

NVD
added 2021/08/03 7:15 p.m., 15 views

CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

CVSS 7.5, EPSS 0.01028
Exploits: 0, References: 2

OSV
added 2021/08/03 7:15 p.m., 15 views

CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 2

Prion
added 2021/08/03 7:15 p.m., 22 views

Design/Logic Flaw

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

CVSS 5, AI score 7.6, EPSS 0.01028
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2021/08/03 6:19 p.m., 20 views

CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

AI score 7.8, EPSS 0.01028
Exploits: 0, References: 2