  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-16385

BaseBSFPortlet is vulnerable to external path manipulation

    Details

    • Business Value: 3
    • CVSS Base Score: 3.2
    • CVSS Vector String: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
    • 7.0 Fix Pack Version: 89

      Description

      BaseBSFPortlet is vulnerable to external path manipulation via URL manipulation.

      Liferay DXP does not use BaseBSFPortlet out of the box. However, custom portlets that extend BaseBSFPortlet may be vulnerable.

            People

            Assignee: support-ee EE Support
            Reporter: tibor.lipusz Tibor Lipusz

                Packages

                Version Package
                7.0.X EE