CVE-2020-15840

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:liferay:dxp:7.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.2:*:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:6.2:-:*:*:enterprise:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Information

Published : 2020-09-24 08:15

Updated : 2020-10-07 04:36


NVD link : CVE-2020-15840

Mitre link : CVE-2020-15840


JSON object : View

Advertisement

dedicated server usa

Products Affected

liferay

  • liferay_portal
  • dxp