CVE-2011-1571 – com.liferay.portal:portal-service

Package

Manager: maven
Name: com.liferay.portal:portal-service
Vulnerable Version: >=5.0.0 <6.0.6-ga

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.07147 pctl0.91197

Details

Liferay Portal vulnerable to arbitrary command injection Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

Metadata

Created: 2022-05-13T01:25:11Z
Modified: 2025-07-15T19:23:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rpj9-pc39-h8j8/GHSA-rpj9-pc39-h8j8.json
CWE IDs: ["CWE-77"]
Alternative ID: GHSA-rpj9-pc39-h8j8
Finding: F422
Auto approve: 1