Description
Liferay Portal 7.1.0 and earlier is vulnerable to remote code execution using Web Content/DDM templates.
Workaround: Review permissions and do not grant untrusted users permissions to create/edit Web Content/DDM templates.
Severity
Severity 1
Fixed Version(s)
- Liferay Portal 7.1.1
- March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page.
- March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Wed, 26 Jun 2019 06:01:00 +0000