CVE-2020-13444
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.
Liferay Portal versiones 7.x anteriores a 7.3.2 y Liferay DXP versiones 7.0 anteriores a fixpack 92, versiones 7.1 anteriores a fixpack 18 y versiones 7.2 anteriores a fixpack 5, no sanean la informaciĆ³n devuelta por la API DDMDataProvider, que permite a los usuarios autenticados remotos obtener la contraseƱa en REST Data Providers
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-05-25 CVE Reserved
- 2020-06-10 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://issues.liferay.com/browse/LPE-17009 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396 | 2020-07-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.1 Search vendor "Liferay" for product "Liferay Portal" and version "7.1" | ga1, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.1 Search vendor "Liferay" for product "Liferay Portal" and version "7.1" | ga2, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.1 Search vendor "Liferay" for product "Liferay Portal" and version "7.1" | ga3, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.1.1 Search vendor "Liferay" for product "Liferay Portal" and version "7.1.1" | ga2, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.2 Search vendor "Liferay" for product "Liferay Portal" and version "7.2" | ga1, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.3 Search vendor "Liferay" for product "Liferay Portal" and version "7.3" | ga1, community |
Affected
| ||||||
| Liferay Search vendor "Liferay" | Liferay Portal Search vendor "Liferay" for product "Liferay Portal" | 7.3 Search vendor "Liferay" for product "Liferay Portal" and version "7.3" | ga2, community |
Affected
| ||||||