Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15842 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | |||||
CVE-2020-15841 | 1 Liferay | 2 Dxp, Liferay Portal | 2023-12-10 | 4.3 MEDIUM | 8.8 HIGH |
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. |