Digital Experience Platform Security Vulnerabilities and Issues — Digital Experience Platform CVE List

Lucene search

LiferayDigital Experience Platform

4 matches found

CVE•added 2020/07/20 2:15 a.m.•105 views

CVE-2020-15841

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.

8.8CVSS8.6AI score0.00337EPSS

CVE•added 2020/07/20 2:15 a.m.•103 views

CVE-2020-15842

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.

8.1CVSS8.3AI score0.0057EPSS

CVE•added 2020/09/24 3:15 p.m.•96 views

CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.

5.3CVSS5.3AI score0.00249EPSS

CVE•added 2020/09/22 6:15 p.m.•91 views

CVE-2020-15839

Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.

6.5CVSS6.1AI score0.01104EPSS