CVE-2020-15840

EPSS 0.25%
Published 24.09.2020 15:15:14
Last modified 13.05.2025 18:17:51
Source cve@mitre.org
Teams watchlist Login
Open Login

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.

Affected products Warnungen 0 Metrics 3 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.0

Liferay ≫ Digital Experience Platform Version7.1

Liferay ≫ Digital Experience Platform Version7.2

Liferay ≫ Liferay Portal Version < 7.3.1

Liferay ≫ Liferay Portal Version6.2 Update- SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.453

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://portal.liferay.dev/learn/security/known-vulnerabilities

Vendor Advisory

https://issues.liferay.com/browse/LPE-17046

Vendor Advisory

Issue Tracking

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-15840

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15840

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15840

EUVD