Lucene search
PRIOn knowledge basePRION:CVE-2020-15840HistorySep 24, 2020 - 3:15 p.m.
Code injection
2020-09-2415:15:00
PRIOn knowledge base
www.prio-n.com
6
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property ‘portlet.resource.id.banned.paths.regexp’ can be bypassed with doubled encoded URLs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.0 | |
| dxp | eq | 7.1 | |
| dxp | eq | 7.2 | |
| liferay_portal | eq | 6.2 | |
| liferay_portal | lt | 7.3.1 |
Related
cvelist
cvelist
CVE-2020-15840
2020-09-24 14:56:23
osv
osv
CVE-2020-15840
2020-09-24 15:15:14
nvd
nvd
CVE-2020-15840
2020-09-24 15:15:14
cve
cve
CVE-2020-15840
2020-09-24 15:15:14
veracode
veracode
Authorization Bypass
2020-09-25 03:54:55
openvas
openvas
Liferay Portal < 7.3.1 Information Disclosure Vulnerability
2020-09-28 00:00:00