Published: 10/06/2020 Updated: 16/07/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Liferay Portal 7.x prior to 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.

Vulnerable Product	Search on Vulmon	Subscribe to Product
liferay liferay portal 7.1
liferay liferay portal 7.1.1
liferay liferay portal 7.2
liferay liferay portal 7.3

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2019-20330, CVE-2020-7676, CVE-2020-8840, CVE-2020-11022, CVE-2020-11023, CVE-2020-11619, CVE-2020-13444, CVE-2020-13445, CVE-2020-13934, CVE-2020-13935 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

NVD-CWE-noinfo https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317396 https://issues.liferay.com/browse/LPE-17009 https://nvd.nist.gov https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-130/index.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-13444

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect