Design/Logic Flaw

2020-07-2002:15:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.6%

JSON

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server’s password via the Test LDAP Connection feature.

CPENameOperatorVersion
dxpeq7.0 fixpack81
dxpeq7.0 fixpack13
dxpeq7.0 fixpack14
dxpeq7.0 fixpack24
dxpeq7.0 fixpack25
dxpeq7.0 fixpack26
dxpeq7.0 fixpack27
dxpeq7.0 fixpack28
dxpeq7.0 fixpack3
dxpeq7.0 fixpack30

Name	Operator	Version
dxp	eq	7.0 fixpack81
dxp	eq	7.0 fixpack13
dxp	eq	7.0 fixpack14
dxp	eq	7.0 fixpack24
dxp	eq	7.0 fixpack25
dxp	eq	7.0 fixpack26
dxp	eq	7.0 fixpack27
dxp	eq	7.0 fixpack28
dxp	eq	7.0 fixpack3
dxp	eq	7.0 fixpack30