EUVD-2020-5697

Malware in sbrugna...

Liferay Portal 7.x <= 7.1.3, 7.2.x <= 7.2.1, 7.3.x < 7.3.2 Multiple Vulnerabilities

Liferay Portal is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:liferay:liferayportal"; if...

Information Disclosure

com.liferay.dynamic.data.mapping.service is vulnerable to information disclosure. The vulnerability exists as it does not remove authentication data in the response sent by the DDMDataProvider API...

CVE-2020-13444

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers...

Default credentials

Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers...

CVE-2020-13444

Affected software: Liferay Portal 7.x (7.0/7.1/7.2) prior to specific fix packs and Liferay DXP 7.x before their corresponding fixes. Vulnerability: the DDMDataProvider API may leak authentication data; information returned by the API is not properly sanitized, allowing remote authenticated users...