[LPE-17074] Security vulnerability in Apache Xerces 2.8.1 (Portal Security SSO OpenID) - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
Fix Version/s: 7.0.X EE, 7.1.x EE, 7.2.X EE
Component/s: Application Security > OpenID, Security Vulnerability
Labels:

CVSS Base Score:
7.5
CVSS Vector String:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.0 Fix Pack Version:
95
7.1 Fix Pack Version:
19
7.2 Fix Pack Version:
8

Description

The Portal Security SSO OpenID module in Liferay DXP 7.0 and 7.1, and Liferay Portal Security SSO OpenID 1.0.0 for DXP 7.2 is bundled with Apache Xerces 2.8.1 which has known vulnerabilities. For more details, please see https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3aapache%3axerces2_java%3a2.8.1

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 03/Aug/20 12:05 PM

Updated:: 18/Dec/20 6:09 AM

Resolved:: 10/Dec/20 3:52 AM

Packages

Version	Package
7.0.X EE
7.1.x EE
7.2.X EE