CVE-2020-15841 – com.liferay.portal:release.dxp.bom

Package

Manager: maven
Name: com.liferay.portal:release.dxp.bom
Vulnerable Version: >=7.0.0 <7.0.10.fp89 || >=7.1.0 <7.1.10.fp17 || >=7.2.0 <7.2.10.fp4

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00337 pctl0.55862

Details

Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.

Metadata

Created: 2022-05-24T17:23:58Z
Modified: 2025-05-28T19:58:56Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-773f-f929-qgjj/GHSA-773f-f929-qgjj.json
CWE IDs: ["CWE-522"]
Alternative ID: GHSA-773f-f929-qgjj
Finding: F035
Auto approve: 1