CVE-2020-13444
Description
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.249
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom 7.1.10 | Windows |
| Vulnerabilities CVE-2021-33325,CVE-2021-33323,CVE-2021-33332,CVE-2020-15840,CVE-2020-13444 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Vulnerabilities CVE-2020-13445,CVE-2020-13444 are fixed in Liferay - release.dxp.bom 7.0.10 | Windows |
| Vulnerabilities CVE-2020-13444 are fixed in Liferay - release.portal.bom 7.3.2 | Windows |
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom for Linux 7.1.10 | Linux |
| Vulnerabilities CVE-2021-33325,CVE-2021-33323,CVE-2021-33332,CVE-2020-15840,CVE-2020-13444 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Vulnerabilities CVE-2020-13445,CVE-2020-13444 are fixed in Liferay - release.dxp.bom for Linux 7.0.10 | Linux |
| Vulnerabilities CVE-2020-13444 are fixed in Liferay - release.portal.bom for Linux 7.3.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234