CST-7061 Path traversal vulnerability in BaseBSFPortlet

Description

The BaseBSFPortlet class contains a path traversal vulnerability via URL manipulation.

Liferay Portal 7.0 CE does not use the BaseBSFPortlet class out of the box. However, developers extending BaseBSFPortlet may be vulnerable.

Severity

Severity 2

Notes

Liferay Portal 7.0 CE is no longer supported and no patch is available. Developers who have extended BaseBSFPortlet should no longer use this class.

Publication date: Thu, 23 Jan 2020 03:23:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) have been listed here only since 2023. Historical advisories are available in the Help Center.