CST-7020 XXE vulnerability in Apache Tika

Description

Apache Tika is vulnerable to XML External Entity (XXE) processing attacks. This vulnerability can allow an attacker to access files on the file system and/or take down the portal (denial of service).

Workaround: Limit add and update document permission in the Document and Media application to trusted users.

Severity

Severity 1

Fixed Version(s)

Publication date: Mon, 26 Jun 2017 09:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.