Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15841 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. | |||||
| CVE-2020-15840 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. | |||||