PUBLIC - Liferay Portal Enterprise Edition / LPE-16762

Security vulnerabilities in Xalan, Poi, Commons Collections and Groovy (com.liferay.portal.reports.engine.console.jasper)

    Details

    • CVSS Base Score:
      9.8
    • CVSS Vector String:
      CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • 7.0 Fix Pack Version:
      85

      Description

      In Liferay Reports 3.0.0 and 4.0.0, the 'com.liferay.portal.reports.engine.console.jasper' bundle includes Commons Collections 2.1.1, Groovy 2.0.1, Apache POI 3.7 and Xalan 2.7.1, which have the following known vulnerabilities: CVE-2014-0107, CVE-2017-12626, CVE-2017-5644, CVE-2016-5000, CVE-2014-3574, CVE-2014-3529, CVE-2012-0213, CVE-2014-9527, CVE-2017-15708, CVE-2015-6420, CVE-2016-6814, CVE-2015-3253.

      Support Notes: Subscribers can request a "Hotfix LPKG" for Liferay Reports through Help Center.
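To confirm whether a deployed Liferay Reports package still embeds the library versions listed above, the following added example (not Liferay's code or tooling) walks an archive and its nested jars and reports matching file names. It assumes the libraries are embedded as jars named `<artifact>-<version>.jar`; all file names in the sample are constructed.

```python
import io
import re
import zipfile

# Library/version pairs named in this issue's description. Jar file names of the
# form "<artifact>-<version>.jar" are an assumption, not taken from the page.
FLAGGED = {"commons-collections": "2.1.1", "groovy": "2.0.1",
           "poi": "3.7", "xalan": "2.7.1"}
ARCHIVE_EXT = (".jar", ".lpkg", ".zip", ".war")
JAR_NAME = re.compile(r"^(?P<artifact>[A-Za-z][\w.-]*?)-(?P<version>\d[\w.]*)\.jar$")


def scan_archive(data, path="<root>", depth=0, max_depth=4):
    """Return sorted (path, artifact, version) hits, walking nested archives in memory."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive, nothing to inspect
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inner = f"{path}!/{info.filename}"
            m = JAR_NAME.match(info.filename.rsplit("/", 1)[-1])
            if m and FLAGGED.get(m["artifact"].lower()) == m["version"]:
                hits.append((inner, m["artifact"].lower(), m["version"]))
            # Descend: LPKG -> bundle jar -> embedded library jar.
            if info.filename.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                hits += scan_archive(zf.read(info), inner, depth + 1, max_depth)
    return sorted(hits)


def make_zip(entries):
    """Build a zip in memory from {name: bytes}; used only for the sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def constructed_sample():
    """Constructed LPKG-like archive; every file name in it is made up."""
    empty = make_zip({"placeholder.txt": b""})
    bundle = make_zip({"lib/poi-3.7.jar": empty, "lib/xalan-2.7.2.jar": empty,
                       "lib/groovy-2.0.1.jar": empty})
    return make_zip({"sample.reports.bundle.jar": bundle, "readme.txt": b"n/a"})


if __name__ == "__main__":
    for where, artifact, version in scan_archive(constructed_sample(), "sample.lpkg"):
        print(f"{artifact} {version}: {where}")
```

The check matches file names only, so a jar that was renamed or carries a different artifact name (for example a repackaged variant) will not be reported; treat an empty result as a prompt to inspect the bundle manually, not as proof of a fix.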


            People

            • Assignee:
              support-ee EE Support
              Reporter:
              EnterpriseReleaseHU Enterprise Release HU

                Packages

                Version Package
                7.0.X EE
                7.1.x EE