Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-17069

LSV-649: Security vulnerability in Apache CXF (portal-remote)

    Details

    • CVSS Base Score:
      6.5
    • CVSS Vector String:
      CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    • 7.2 Fix Pack Version:
      9

      Description

      In Liferay DXP 7.2, the 'com.liferay.portal.remote.jaxrs.whiteboard', 'com.liferay.portal.remote.rest.extender' and 'com.liferay.portal.remote.soap.extender.impl' bundle includes Apache CXF 3.2.5 which has known vulnerabilities. For more details, please see https://www.cvedetails.com/version-list/45/19906/1/Apache-CXF.html

      In Liferay DXP 7.1, the 'com.liferay.portal.remote.jaxrs.whiteboard' and 'com.liferay.portal.remote.soap.extender.impl' bundle includes Apache CXF 3.2.5 which has known vulnerabilities. For more details, please see https://www.cvedetails.com/version-list/45/19906/1/Apache-CXF.html

      In Liferay DXP 7.0, the 'com.liferay.portal.remote.cxf.common', 'com.liferay.portal.remote.cxf.jaxrs.common' and 'com.liferay.portal.remote.soap.extender.impl' bundle includes Apache CXF 3.1.18 which has known vulnerabilities. For more details, please see https://www.cvedetails.com/version-list/45/19906/1/Apache-CXF.html

       

      Affected Version(s)

      Vulnerable Not vulnerable Unknown
      7.0.6 6.2.5  
      7.0.10 + de-87 6.2.10 + portal-171  
      7.1.3    
      7.1.10 + dxp-14    
      7.2.0    
      7.2.10 + dxp-2    
      7.3.0    

        Attachments

          Activity

            People

            Assignee:
            support-ee EE Support
            Reporter:
            samuel.kong Samuel Kong
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Packages

                Version Package
                7.2.X EE