- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: 7.0 DE (7.0.10), 7.2 DXP (7.2.10)
- Component/s: Security Vulnerability, Web Services > JSON WS
- CVE IDs: CVE-2021-29040
- CVSS Base Score: 4.3
- CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- 7.0 Fix Pack Version: 97
- 7.1 Fix Pack Version: 20
- 7.2 Fix Pack Version: 10

In Liferay DXP 7.0, 7.1 and 7.2, the JSON web service may contain overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch other, more focused attacks.

Affected Version(s):
Vulnerable | Not vulnerable |
---|---|
6.2.10 + portal-172 | |
7.0.10 + de-92 | |
7.1.3 | |
7.1.10 + dxp-17 | |
7.2.1 | |
7.2.10 + dxp-5 | |
7.3.2 | 7.3.5 |
7.3.10 |