- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 7.0 DE (7.0.10), 7.1 DXP (7.1.10), 7.2 DXP (7.2.10)
- Component/s: Application Security > OpenID, Security Vulnerability
- CVSS Base Score: 7.5
- CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- 7.0 Fix Pack Version: 95
- 7.1 Fix Pack Version: 19
- 7.2 Fix Pack Version: 8

The Portal Security SSO OpenID module in Liferay DXP 7.0 and 7.1, and Liferay Portal Security SSO OpenID 1.0.0 for DXP 7.2, are bundled with Apache Xerces 2.8.1, which has known vulnerabilities. For more details, see https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3aapache%3axerces2_java%3a2.8.1