Category: Web application abuses
Title: Liferay Portal < 7.0 CE GA4 Multiple Vulnerabilities
Summary: Liferay Portal is prone to multiple vulnerabilities.
Liferay Portal is prone to multiple vulnerabilities:
- Velocity/FreeMarker templates do not properly restrict variable usage
- Multiple permission vulnerabilities in 7.0 CE GA3
- Multiple XSS vulnerabilities in 7.0 CE GA3
- Password policy circumvention via forgot password
- DoS vulnerability via SessionClicks
- RCE via TunnelServlet
- ThreadLocal may leak variables
- Password exposure in Server Administration
- Password exposure during a data migration
- Open redirect vulnerability in Search
- DoS vulnerabilities in Apache Commons FileUpload
- XXE vulnerability in Apache Tika
Liferay Portal prior to version 7.0.2 CE GA3.
Update to version 7.0.2 CE GA3 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2019-6588
Copyright: This script is Copyright (C) 2019 Greenbone Networks GmbH