Lucene search
K

28 matches found

CVE
CVE
added 2021/05/16 3:3 p.m.108 views

CVE-2021-29040

CVE-2021-29040 concerns Liferay Portal (versions 7.3.4 and earlier) and Liferay DXP (7.0 before fix pack 97, 7.1 before fix pack 20, 7.2 before fix pack 10). The vulnerability arises from overly verbose JSON web service error messages that can aid an attacker in crafting more focused inputs for f...

5.3CVSS5.2AI score0.01072EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2021/05/16 3:3 p.m.37 views

CVE-2021-29040

The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused...

5.6AI score0.01072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2021/05/16 12:0 a.m.5 views

PT-2021-18039 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.4 and earlier Liferay DXP versions 7.0 through 7.0 before fix pack 97 Liferay DXP versions 7.1 through 7.1 before fix pack 20 Liferay DXP versions 7.2 through 7.2 before fix pack 10 Description: The JSON web servic...

5.3CVSS5.2AI score0.01072EPSS
Exploits0References10
NVD
NVD
added 2020/03/20 7:15 p.m.25 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.8CVSS9.9AI score0.99783EPSS
Exploits10References6
OSV
OSV
added 2020/03/20 7:15 p.m.9 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.8CVSS9.9AI score0.99783EPSS
Exploits10References6
Prion
Prion
added 2020/03/20 7:15 p.m.28 views

Deserialization of untrusted data

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

7.5CVSS9.8AI score0.99783EPSS
Exploits10References5Affected Software1
Vulnrichment
Vulnrichment
added 2020/03/20 6:16 p.m.15 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

8AI score0.99783EPSS
Exploits10References5
Cvelist
Cvelist
added 2020/03/20 6:16 p.m.38 views

CVE-2020-7961

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services JSONWS...

9.9AI score0.99783EPSS
Exploits10References5
Rows per page
Query Builder