CVE-2020-15840
- EPSS 0.19%
- Published 24.09.2020 15:15:14
- Last modified 13.05.2025 18:17:51
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.
CVE-2020-15839
- EPSS 1.08%
- Published 22.09.2020 18:15:23
- Last modified 21.11.2024 05:06:17
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading ...
CVE-2020-15841
- EPSS 0.34%
- Published 20.07.2020 02:15:11
- Last modified 15.08.2025 20:21:27
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Tes...
CVE-2020-15842
- EPSS 0.57%
- Published 20.07.2020 02:15:11
- Last modified 13.05.2025 18:17:51
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.