-
Liferay Portal 7.x before 7.2.1 is vulnerable to Server-Side Request Forgery (SSRF) via the DDM REST Data Provider, which allows an attacker access to sensitive information. This issue exists because...
-
Liferay Portal 7.2.1 June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page. In Liferay Portal 7.2.1 and earlier,...
-
Liferay Portal 7.3.2 June 2020 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page. June 2020 source patch for Liferay...
-
Liferay Portal 7.0.0 through 7.0.6 does not properly verify permissions when creating pages, which may lead to attackers changing portal settings and gaining access to sensitive information. Severity... Releases: Liferay Portal 7.0
-
Liferay Portal 7.1.0 and earlier is vulnerable to denial-of-service (DoS) attacks via file uploads because of vulnerabilities in Apache Tika. Severity 1 Liferay Portal 7.1.1 March 2020 source patch...
-
Liferay Portal 7.0.3 March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page. The RSS portlet and FuseMail... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Remote code execution vulnerability in DDM template in Liferay Portal 7.0.0 and earlier allows remote authenticated users with permission to create/edit templates to create templates that can run... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Server-side request forgery (SSRF) vulnerability in pingback functionality of blogs in Liferay Portal before 7.1.0 allows remote attackers to send HTTP requests to intranet servers and conduct... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Liferay Portal 7.0.1 March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page. Review permissions settings and do... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
The BaseBSFPortlet class contains a path traversal vulnerability via URL manipulation. Liferay Portal 7.0 CE does not use the BaseBSFPortlet class out of the box. However, developers extending... Releases: Liferay Portal 7.0
-
In Liferay Portal 7.1 CE GA4 and earlier, a potential SQL injection vulnerability exists in the asset framework. Severity 1 March 2020 source patch for Liferay Portal 7.1.3. Details for working with...
-
Liferay Portal 7.2.0 and earlier contains a remote code execution (RCE) vulnerability via JSON web services (JSONWS). Workaround: Disable JSONWS by setting the portal.property...
-
Liferay Portal 7.1.1 March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page. March 2020 source patch for Liferay...
-
Liferay Portal 7.1.0 and earlier is vulnerable to remote code execution (RCE) via deserialization of JSON data. Severity 1 Liferay Portal 7.1.1 March 2020 source patch for Liferay Portal 7.0.6....
-
Liferay Portal 7.1.0 and earlier contains a path traversal vulnerability in Web Content templates and Application Display Templates (ADT). The vulnerability allows any user with permission to...
-
The default configuration for Liferay Portal 7.0.0 through 7.1.0 allows attackers to conduct XML External Entity (XXE) attacks via XSL templates in XSL Content and Web Content. Workaround: 1.... Releases: Liferay Portal 7.1, Liferay Portal 7.0
-
Liferay Portal 7.1.0 and earlier is vulnerable to a Server-Side Request Forgery (SSRF) via Web Content templates and Application Display Templates (ADT) which may allow an attacker access to...
-
In Liferay Portal 7.0 CE GA7, a theoretical OS command injection vulnerability exists in SendmailHook. Severity 2 Liferay Portal 7.1.0 7.0.6-ce-ga7-security-1.0 patch (source) By default, the... Releases: Liferay Portal 7.0
-
This issue was reported by Juho Myllys. The CSV files that are exported by Liferay Portal 7.0 CE GA7 (user export, DDL export and Form export) are susceptible to CSV injection if the CSV file is... Releases: Liferay Portal 7.0
-
In Liferay Portal 7.0 CE GA7, a cross-site request forgery (CSRF) vulnerability exists with comments. An attacker can potentially exploit this security vulnerability to add comments on behalf of a... Releases: Liferay Portal 7.0
-
Liferay Portal 7.1.0 7.0.6-ce-ga7-security-1.0 patch (source) In Liferay Portal 7.0 CE GA7, the password for a Form's REST data provider is not obfuscated, leading to password... Releases: Liferay Portal 7.0
-
In Liferay Portal 7.0 CE GA7, a flaw in the code used to prevent open redirects allows some crafted URLs to circumvent the open redirect prevention logic. Severity 2 Liferay Portal 7.1.0... Releases: Liferay Portal 7.0
-
In Liferay Portal 7.0 CE GA7, blog titles are visible to users without the appropriate view permission. Only the title is leaked and the user cannot view the content of the blog entry. Severity 2... Releases: Liferay Portal 7.0
-
Liferay Portal 7.1.0 7.0.6-ce-ga7-security-1.0 patch (source) Some vulnerabilities reported by Gergő Czuczor. In Liferay Portal 7.0 CE GA7, multiple cross-site scripting (XSS) vulnerabilities allow... Releases: Liferay Portal 7.0
-
Multiple cross-site request forgery (CSRF) vulnerabilities allow remote attackers to execute unwanted actions in the portal. Workaround: Remove the following lines from the... Releases: Liferay Portal 7.0
-
In Liferay Portal 7.0.5 and earlier, the Web Proxy portlet/application allows remote attackers to execute arbitrary code via a supplied stylesheet. Patched versions of the portal will prevent users... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
The portal may be vulnerable to BREACH attacks if the portal is using HTTPS and compression (GZip) is enabled. Workaround: Disable compression by setting... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
The "doAsUserId" parameter used by Administrators for impersonating another user can be leaked to third party sites. Severity 2 Liferay Portal 7.0.6 Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Liferay Portal 7.0.6 The asset tag API leaks information about the user who created the asset tag. Severity 2 Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Multiple permission issues allow users to perform actions on resources which they are not authorized to perform. Severity 2 Liferay Portal 7.0.6 Releases: Liferay Portal 7.0
-
A reflected cross-site scripting (XSS) vulnerability exists on the JSONWS API page. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Liferay Portal 7.0.5 Apache Commons Email is vulnerable to SMTP header injection (CVE-2017-9801). Liferay Portal is not vulnerable; however, custom modules/apps using the Commons Email JAR bundled... Releases: Liferay Portal 7.0
-
Content spoofing is possible via URL manipulation in applications that support tags. An attacker can potentially exploit this security vulnerability to spoof content and mislead users. Severity 2... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
All files within the application's WAR folder are accessible via a crafted URL. Severity 1 Liferay Portal 7.0.5 Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
This issue was reported by Tomas Bortoli. Open redirect vulnerability in the Asset Publisher application allows remote attackers to redirect users to arbitrary web sites. Severity 2 Liferay Portal... Releases: Liferay Portal 7.0
-
Unauthenticated users can modify system settings to gain administration privileges. Severity 1 Liferay Portal 7.0.5 Releases: Liferay Portal 7.0
-
Liferay Portal 7.0.5 March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page. In Liferay Portal 7.0.4 and earlier,... Releases: Liferay Portal 7.0, Liferay Portal 6.2 CE
-
Passwords are visible to administrators in the System Settings section of the Control Panel. Severity 2 Liferay Portal 7.0.5 Releases: Liferay Portal 7.0
-
Multiple permission issues allow users to perform actions on resources which they are not authorized to perform. Severity 2 Liferay Portal 7.0.5 Releases: Liferay Portal 7.0
-
Liferay Portal 7.0.5 Some vulnerabilities reported by Marko Winkler. Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML into a page.... Releases: Liferay Portal 7.0