Published: 10/06/2020 Updated: 21/07/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In Liferay Portal prior to 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.

Vulnerable Product	Search on Vulmon	Subscribe to Product
liferay liferay portal 7.1
liferay liferay portal 7.1.1
liferay liferay portal 7.2
liferay liferay portal 7.3

Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2019-20330, CVE-2020-7676, CVE-2020-8840, CVE-2020-11022, CVE-2020-11023, CVE-2020-11619, CVE-2020-13444, CVE-2020-13445, CVE-2020-13934, CVE-2020-13935 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

MAL-001: FreeMarker Server-Side Template Injection in Liferay Portal

MAL-001: FreeMarker Server-Side Template Injection in Liferay Portal An issue was discovered in Liferay - Portal <=74312-ga12 By inserting malicious content in the FTL Templates, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and perform SSRF (Server-Side Request Forgery), re

CWE-74 CWE-862 https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317411 https://issues.liferay.com/browse/LPE-17023 https://securitylab.github.com/advisories/GHSL-2020-043-liferay_ce https://nvd.nist.gov https://github.com/mbadanoiu/MAL-001 https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-130/index.html

CVE-2020-13445

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect