Total: 62 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15840 | 1 Liferay | 2 Dxp, Liferay Portal | 2020-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. | |||||
CVE-2020-15842 | 1 Liferay | 2 Dxp, Liferay Portal | 2020-07-24 | 6.8 MEDIUM | 8.1 HIGH |
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | |||||