9 matches found
Denial Of Service (DoS)
com.liferay.portal.workflow.kaleo.forms.web is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient restrictions on saving request parameters in the portlet session because the application allows unvalidated request data to be stored in memory; an attacker can send crafte...
CVE-2025-43772
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to not saving the request parameters in the portlet session. An attacker can exhaust system memory by sending crafted HTTP requests. Details Denial of Service DoS describes a family of attacks, all aimed at...
GHSA-J4FW-4MHR-HC45 Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
Liferay Portal Vulnerable to Denial of Service in Kaleo Forms Admin
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
CVE-2025-43772
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
CVE-2025-43772
Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to denial-of-servic...
CVE-2025-43772
Kaleo Forms Admin in Liferay Portal (7.0.0–7.4.3.4) and Liferay DXP (7.4 GA, 7.3 GA–update 27) is affected by a DoS due to not restricting saving of request parameters in the portlet session. The root cause is unvalidated/unrestricted storage of request data in memory, enabling remote attackers t...
PT-2025-35865
Name of the Vulnerable Software and Affected Versions: Kaleo Forms Admin in Liferay Portal versions 7.0.0 through 7.4.3.4 Kaleo Forms Admin in Liferay DXP versions 7.3 GA through update 27 Kaleo Forms Admin in Liferay DXP version 7.4 GA Older unsupported versions Description: The application does...