Summary: Liferay Portal is prone to multiple vulnerabilities.
Detection Method: Checks if a vulnerable version is present on the target host.
Technical Details: Liferay Portal is prone to multiple vulnerabilities:
- Velocity/FreeMarker templates do not properly restrict variable usage
- Multiple permission vulnerabilities in 7.0 CE GA3
- Multiple XSS vulnerabilities in 7.0 CE GA3
- Password policy circumvention via forgot password
- DoS vulnerability via SessionClicks
- RCE via TunnelServlet
- ThreadLocal may leak variables
- Password exposure in Server Administration
- Password exposure during a data migration
- Open redirect vulnerability in Search
- DoS vulnerabilities in Apache Commons FileUpload
- XXE vulnerability in Apache Tika
Affected Versions: Liferay Portal prior to version 7.0.2 CE GA3.
Recommendations: Update to version 7.0.2 CE GA3 or later.
Web application abuses