Lucene search

MitreCVELIST:CVE-2020-15841

HistoryJul 20, 2020 - 1:06 a.m.

CVE-2020-15841

2020-07-2001:06:39

mitre

www.cve.org

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server’s password via the Test LDAP Connection feature.

References

issues.liferay.com/browse/LPE-16928

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Related for CVELIST:CVE-2020-15841