CVE-2020-15840

nvd nist
Published: Sep 24, 2020
Modified: May 13, 2025

CVSS 3.1 base score: 5.3
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.

Affected (5)

2 products
Digital Experience Platform
Liferay Portal
Configuration A
5 vulnerable
Vulnerable Software: Affected Versions
Liferay: Version 7.0, Version 7.1, Version 7.2
Liferay: Before 7.3.1, Version 6.2

References (6)

Source: cve@mitre.org
Issue Tracking, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking, Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
