Lucene search

[email protected]NVD:CVE-2020-15841

HistoryJul 20, 2020 - 2:15 a.m.

CVE-2020-15841

2020-07-2002:15:11

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server’s password via the Test LDAP Connection feature.

Affected configurations

NVD

Node

liferaydxpMatch7.0

liferaydxpMatch7.0fix_pack_13

liferaydxpMatch7.0fix_pack_14

liferaydxpMatch7.0fix_pack_24

liferaydxpMatch7.0fix_pack_25

liferaydxpMatch7.0fix_pack_26

liferaydxpMatch7.0fix_pack_27

liferaydxpMatch7.0fix_pack_28

liferaydxpMatch7.0fix_pack_3\+

liferaydxpMatch7.0fix_pack_30

liferaydxpMatch7.0fix_pack_33

liferaydxpMatch7.0fix_pack_35

liferaydxpMatch7.0fix_pack_36

liferaydxpMatch7.0fix_pack_39

liferaydxpMatch7.0fix_pack_40

liferaydxpMatch7.0fix_pack_41

liferaydxpMatch7.0fix_pack_42

liferaydxpMatch7.0fix_pack_43

liferaydxpMatch7.0fix_pack_44

liferaydxpMatch7.0fix_pack_45

liferaydxpMatch7.0fix_pack_46

liferaydxpMatch7.0fix_pack_47

liferaydxpMatch7.0fix_pack_48

liferaydxpMatch7.0fix_pack_49

liferaydxpMatch7.0fix_pack_50

liferaydxpMatch7.0fix_pack_51

liferaydxpMatch7.0fix_pack_52

liferaydxpMatch7.0fix_pack_53

liferaydxpMatch7.0fix_pack_54

liferaydxpMatch7.0fix_pack_56

liferaydxpMatch7.0fix_pack_57

liferaydxpMatch7.0fix_pack_58

liferaydxpMatch7.0fix_pack_59

liferaydxpMatch7.0fix_pack_60

liferaydxpMatch7.0fix_pack_61

liferaydxpMatch7.0fix_pack_64

liferaydxpMatch7.0fix_pack_65

liferaydxpMatch7.0fix_pack_66

liferaydxpMatch7.0fix_pack_67

liferaydxpMatch7.0fix_pack_68

liferaydxpMatch7.0fix_pack_69

liferaydxpMatch7.0fix_pack_70

liferaydxpMatch7.0fix_pack_71

liferaydxpMatch7.0fix_pack_72

liferaydxpMatch7.0fix_pack_73

liferaydxpMatch7.0fix_pack_75

liferaydxpMatch7.0fix_pack_76

liferaydxpMatch7.0fix_pack_78

liferaydxpMatch7.0fix_pack_79

liferaydxpMatch7.0fix_pack_80

liferaydxpMatch7.0fix_pack_81

liferaydxpMatch7.1

liferaydxpMatch7.1fix_pack_1

liferaydxpMatch7.1fix_pack_10

liferaydxpMatch7.1fix_pack_11

liferaydxpMatch7.1fix_pack_12

liferaydxpMatch7.1fix_pack_13

liferaydxpMatch7.1fix_pack_14

liferaydxpMatch7.1fix_pack_15

liferaydxpMatch7.1fix_pack_16

liferaydxpMatch7.1fix_pack_2

liferaydxpMatch7.1fix_pack_3

liferaydxpMatch7.1fix_pack_4

liferaydxpMatch7.1fix_pack_5

liferaydxpMatch7.1fix_pack_6

liferaydxpMatch7.1fix_pack_7

liferaydxpMatch7.1fix_pack_8

liferaydxpMatch7.1fix_pack_9

liferaydxpMatch7.2

liferaydxpMatch7.2fix_pack_1

liferaydxpMatch7.2fix_pack_2

liferaydxpMatch7.2fix_pack_3

liferayliferay_portalRange<7.3.0

References

issues.liferay.com/browse/LPE-16928

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Related for NVD:CVE-2020-15841

cvelist1 osv1 prion1 cve1 openvas1