Description
The BaseBSFPortlet class contains a path traversal vulnerability via URL manipulation.
Liferay Portal 7.0 CE does not use the BaseBSFPortlet class out of the box. However, developers extending BaseBSFPortlet may be vulnerable.
Severity
Severity 2
Notes
Liferay Portal 7.0 CE is no longer supported and no patch is available. Developers who have extended BaseBSFPortlet should no longer use this class.
Publication date: Thu, 23 Jan 2020 03:23:00 +0000