CVE-2020-15841
https://notcve.org/view.php?id=CVE-2020-15841
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. Liferay Portal versiones anteriores a 7.3.0, y Liferay DXP versión 7.0 anterior al paquete de corrección 89, versión 7.1 anterior al paquete de corrección 17, y versión 7.2 anterior al paquete de corrección 4, no prueba de forma segura una conexión a un servidor LDAP, lo que permite a los atacantes remotos obtener la contraseña del servidor LDAP a través de la función Probar conexión LDAP • https://issues.liferay.com/browse/LPE-16928 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439 •
CVE-2020-13444
https://notcve.org/view.php?id=CVE-2020-13444
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. Liferay Portal versiones 7.x anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 5, no sanean la información devuelta por la API DDMDataProvider, que permite a los usuarios autenticados remotos obtener la contraseña en REST Data Providers • https://issues.liferay.com/browse/LPE-17009 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396 •
CVE-2020-13445
https://notcve.org/view.php?id=CVE-2020-13445
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates. En Liferay Portal versiones anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 6, la API de plantilla no restringe el acceso del usuario a objetos confidenciales, lo que permite a usuarios autenticados remotos ejecutar código arbitrario por medio de plantillas FreeMarker y Velocity diseñadas • https://issues.liferay.com/browse/LPE-17023 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411 https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-862: Missing Authorization •
CVE-2020-7961 – Liferay Portal Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Una Deserialización de Datos No Confiables en Liferay Portal versiones anteriores a 7.2.1 CE GA2, permite a atacantes remotos ejecutar código arbitrario por medio de los servicios web JSON (JSONWS). Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. • https://www.exploit-db.com/exploits/48332 https://github.com/mzer0one/CVE-2020-7961-POC https://github.com/ShutdownRepo/CVE-2020-7961 https://github.com/CrackerCat/CVE-2020-7961-Mass https://github.com/shacojx/LifeRCEJsonWSTool-POC-CVE-2020-7961-Gui https://github.com/shacojx/POC-CVE-2020-7961-Token-iterate https://github.com/shacojx/GLiferay-CVE-2020-7961-golang https://github.com/thelostworldFree/CVE-2020-7961-payloads https://github.com/manrop2702/CVE-2020-7961 https://githu • CWE-502: Deserialization of Untrusted Data •
CVE-2020-7934 – LifeRay 7.2.1 GA2 - Stored XSS
https://notcve.org/view.php?id=CVE-2020-7934
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1. En LifeRay Portal CE versiones 7.1.0 hasta 7.2.1 GA2, los campos First Name, Middle Name, y Last Name para las cuentas de usuario en MyAccountPortlet son vulnerables a un problema de tipo XSS persistente. • https://www.exploit-db.com/exploits/49091 https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934 http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html https://semanticbits.com/liferay-portal-authenticated-xss-disclosure • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •