pkg:maven/com.liferay.portal/release.portal.bom
Type: maven
Namespace: com.liferay.portal
Name: release.portal.bom
Known advisories, vulnerabilities and fixes for com.liferay.portal/release.portal.bom package.
Critical: 13
High: 6
Moderate: 26
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | >= 7.4.3.4, < 7.4.3.49 | | CVE-2023-33946 | MAVEN:GHSA-2868-FF44-43QV | Liferay portal unauthorized access to objects via OAuth 2 scope | moderate | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.49 | | CVE-2023-33946 | MAVEN:GHSA-2868-FF44-43QV | Liferay portal unauthorized access to objects via OAuth 2 scope | moderate | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.2.0, < 7.3.1 | | CVE-2023-47798 | MAVEN:GHSA-2MX7-XVFG-FG53 | Liferay Portal's account lockout does not invalidate existing user sessions | moderate | 2024-02-08T03:32:45 (7 months ago) |
Fixed | = 7.3.1 | | CVE-2023-47798 | MAVEN:GHSA-2MX7-XVFG-FG53 | Liferay Portal's account lockout does not invalidate existing user sessions | moderate | 2024-02-08T03:32:45 (7 months ago) |
Affected | <= 7.4.3.4 | | CVE-2024-25603 | MAVEN:GHSA-44JG-JGJX-3XG5 | Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting | critical | 2024-02-21T03:30:38 (6 months ago) |
Affected | >= 7.4.3.44, <= 7.4.3.97 | | CVE-2023-40191 | MAVEN:GHSA-468X-FRCM-GHX6 | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.1.0, < 7.4.3.13 | | CVE-2023-33939 | MAVEN:GHSA-53MW-69QX-Q4FC | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.3.13 | | CVE-2023-33939 | MAVEN:GHSA-53MW-69QX-Q4FC | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.3.3, <= 7.4.3.97 | | CVE-2023-42496 | MAVEN:GHSA-54PV-R62J-9QQC | Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.4.3.5, <= 7.4.3.36 | | CVE-2022-42127 | MAVEN:GHSA-5X9H-P2GX-35MG | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.48 | | CVE-2022-42127 | MAVEN:GHSA-5X9H-P2GX-35MG | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.3.5, <= 7.4.3.28 | | CVE-2022-42126 | MAVEN:GHSA-642H-MX8Q-47P2 | Missing permissions check in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.48 | | CVE-2022-42126 | MAVEN:GHSA-642H-MX8Q-47P2 | Missing permissions check in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.2.0, < 7.3.3 | | CVE-2021-33330 | MAVEN:GHSA-6XXC-4JC4-7JV3 | Exposure of Resource to Wrong Sphere in Liferay Portal | moderate | 2022-05-24T22:28:20 (2 years ago) |
Fixed | = 7.3.3 | | CVE-2021-33330 | MAVEN:GHSA-6XXC-4JC4-7JV3 | Exposure of Resource to Wrong Sphere in Liferay Portal | moderate | 2022-05-24T22:28:20 (2 years ago) |
Affected | >= 7.4.3.8, <= 7.4.3.97 | | CVE-2023-42498 | MAVEN:GHSA-73X3-8MRG-5R93 | Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.4.3.4, < 7.4.3.61 | | CVE-2023-33947 | MAVEN:GHSA-769C-P92R-XGXJ | Liferay portal has unauthorized access to object definition via search | moderate | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.61 | | CVE-2023-33947 | MAVEN:GHSA-769C-P92R-XGXJ | Liferay portal has unauthorized access to object definition via search | moderate | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.3.3, < 7.4.3.35 | | CVE-2022-39975 | MAVEN:GHSA-83QX-288M-72W4 | Liferay Portal Missing Authorization vulnerability | moderate | 2022-09-23T00:00:46 (2 years ago) |
Fixed | = 7.4.3.35 | | CVE-2022-39975 | MAVEN:GHSA-83QX-288M-72W4 | Liferay Portal Missing Authorization vulnerability | moderate | 2022-09-23T00:00:46 (2 years ago) |
Affected | >= 7.2.0, < 7.3.7 | | CVE-2024-25143 | MAVEN:GHSA-87M3-6QJ3-P3XH | Liferay Portal denial of service (memory consumption) | moderate | 2024-02-07T15:30:50 (7 months ago) |
Fixed | = 7.3.7 | | CVE-2024-25143 | MAVEN:GHSA-87M3-6QJ3-P3XH | Liferay Portal denial of service (memory consumption) | moderate | 2024-02-07T15:30:50 (7 months ago) |
Affected | < 7.4.3.12 | | CVE-2024-25145 | MAVEN:GHSA-9VGQ-W5PV-V77Q | Liferay Portal stored cross-site scripting (XSS) vulnerability | critical | 2024-02-07T15:30:50 (7 months ago) |
Fixed | = 7.4.3.12 | | CVE-2024-25145 | MAVEN:GHSA-9VGQ-W5PV-V77Q | Liferay Portal stored cross-site scripting (XSS) vulnerability | critical | 2024-02-07T15:30:50 (7 months ago) |
Affected | >= 7.4.3.48, < 7.4.3.77 | | CVE-2023-33950 | MAVEN:GHSA-CHRC-Q6V3-JFV8 | Liferay Portal has Inefficient Regular Expression | moderate | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.77 | | CVE-2023-33950 | MAVEN:GHSA-CHRC-Q6V3-JFV8 | Liferay Portal has Inefficient Regular Expression | moderate | 2023-05-24T18:30:26 (16 months ago) |
Affected | <= 7.4.2 | | CVE-2024-25601 | MAVEN:GHSA-CR36-3VQF-X5W5 | Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.1.0, < 7.4.3.4 | | CVE-2022-42131 | MAVEN:GHSA-CX84-43XC-3GM2 | Improper Certificate Validation in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.4 | | CVE-2022-42131 | MAVEN:GHSA-CX84-43XC-3GM2 | Improper Certificate Validation in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.3.2, < 7.4.3.5 | | CVE-2022-42129 | MAVEN:GHSA-G6X4-57HP-J4XM | Authorization Bypass in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.5 | | CVE-2022-42129 | MAVEN:GHSA-G6X4-57HP-J4XM | Authorization Bypass in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.3.1, < 7.4.3.18 | | CVE-2023-33945 | MAVEN:GHSA-G7VW-43XG-8M4H | SQL injection in Liferay Portal | high | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.18 | | CVE-2023-33945 | MAVEN:GHSA-G7VW-43XG-8M4H | SQL injection in Liferay Portal | high | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.4.3.5, <= 7.4.3.35 | | CVE-2022-42125 | MAVEN:GHSA-G8HP-RC67-JF96 | Path Traversal in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.48 | | CVE-2022-42125 | MAVEN:GHSA-G8HP-RC67-JF96 | Path Traversal in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.0.0, < 7.3.1 | | CVE-2023-33949 | MAVEN:GHSA-G9MR-9XFC-4GF7 | Insecure Default Initialization In Liferay Portal | moderate | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.3.1 | | CVE-2023-33949 | MAVEN:GHSA-G9MR-9XFC-4GF7 | Insecure Default Initialization In Liferay Portal | moderate | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.3.3, < 7.4.3.19 | | CVE-2022-42123 | MAVEN:GHSA-HFFX-R282-W2G9 | Path Traversal in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.19 | | CVE-2022-42123 | MAVEN:GHSA-HFFX-R282-W2G9 | Path Traversal in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Affected | <= 7.4.2 | | CVE-2024-25151 | MAVEN:GHSA-HGR6-6HHW-883F | Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing | moderate | 2024-02-21T06:30:32 (6 months ago) |
Affected | < 7.3.3 | | CVE-2020-24554 | MAVEN:GHSA-MG53-XR8M-86HW | Open Redirect in Liferay Portal | high | 2021-05-07T15:54:54 (3 years ago) |
Fixed | = 7.3.3 | | CVE-2020-24554 | MAVEN:GHSA-MG53-XR8M-86HW | Open Redirect in Liferay Portal | high | 2021-05-07T15:54:54 (3 years ago) |
Affected | >= 7.2.0, < 7.4.2 | | CVE-2024-25146 | MAVEN:GHSA-MQF8-4CQM-P83X | Liferay Portal allows attackers to discover the existence of sites | moderate | 2024-02-08T06:30:23 (7 months ago) |
Fixed | = 7.4.2 | | CVE-2024-25146 | MAVEN:GHSA-MQF8-4CQM-P83X | Liferay Portal allows attackers to discover the existence of sites | moderate | 2024-02-08T06:30:23 (7 months ago) |
Affected | >= 7.4.3.41, < 7.4.3.53 | | CVE-2023-33941 | MAVEN:GHSA-MVFV-W3FQ-XP67 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.3.53 | | CVE-2023-33941 | MAVEN:GHSA-MVFV-W3FQ-XP67 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.1.0, < 7.4.3.5 | | CVE-2022-42130 | MAVEN:GHSA-MXVQ-CV4X-P3JW | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.5 | | CVE-2022-42130 | MAVEN:GHSA-MXVQ-CV4X-P3JW | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | <= 7.4.2 | | CVE-2024-25152 | MAVEN:GHSA-P28X-4R5H-PH6J | Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.4.3.21, < 7.4.3.63 | | CVE-2023-33943 | MAVEN:GHSA-P9XG-9378-CQP7 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.3.63 | | CVE-2023-33943 | MAVEN:GHSA-P9XG-9378-CQP7 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.3.4, < 7.4.3.69 | | CVE-2023-33944 | MAVEN:GHSA-PFWC-4FRF-4GF8 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.69 | | CVE-2023-33944 | MAVEN:GHSA-PFWC-4FRF-4GF8 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.4.3.18, <= 7.4.3.101 | | CVE-2023-47795 | MAVEN:GHSA-Q2CV-7J58-RFMJ | Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical | 2024-02-21T15:30:45 (6 months ago) |
Affected | >= 7.2.0, < 7.4.2 | | CVE-2024-25148 | MAVEN:GHSA-QWJ8-QGPR-8CRM | Liferay Portal vulnerable to user impersonation | moderate | 2024-02-08T06:30:23 (7 months ago) |
Fixed | = 7.4.2 | | CVE-2024-25148 | MAVEN:GHSA-QWJ8-QGPR-8CRM | Liferay Portal vulnerable to user impersonation | moderate | 2024-02-08T06:30:23 (7 months ago) |
Affected | >= 7.2.0, <= 7.4.3.37 | | CVE-2024-26269 | MAVEN:GHSA-RWHV-HVJ2-QRQM | Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting | critical | 2024-02-21T03:30:38 (6 months ago) |
Affected | <= 7.4.3.13 | | CVE-2024-26266 | MAVEN:GHSA-RWXC-4CMW-7X75 | Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting | critical | 2024-02-21T03:30:38 (6 months ago) |
Affected | <= 7.4.2 | | CVE-2024-25602 | MAVEN:GHSA-V2XQ-M22W-JMPR | Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |
Affected | >= 7.4.3.94, < 7.4.3.96 | | CVE-2023-47797 | MAVEN:GHSA-V32M-PF9Q-P3XG | Liferay Portal XSS with `p_l_back_url_title` on edit content page | critical | 2023-11-17T06:31:22 (10 months ago) |
Fixed | = 7.4.3.96 | | CVE-2023-47797 | MAVEN:GHSA-V32M-PF9Q-P3XG | Liferay Portal XSS with `p_l_back_url_title` on edit content page | critical | 2023-11-17T06:31:22 (10 months ago) |
Affected | >= 7.1.0, < 7.3.1 | | CVE-2023-33937 | MAVEN:GHSA-V6M2-J92J-2H78 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.3.1 | | CVE-2023-33937 | MAVEN:GHSA-V6M2-J92J-2H78 | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.3.2, < 7.4.3.5 | | CVE-2022-42124 | MAVEN:GHSA-VJJ4-QWCM-552H | Inefficient Regular Expression Complexity in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.5 | | CVE-2022-42124 | MAVEN:GHSA-VJJ4-QWCM-552H | Inefficient Regular Expression Complexity in Liferay Portal | high | 2022-11-15T12:00:16 (22 months ago) |
Affected | >= 7.2.0, < 7.4.3.27 | | CVE-2024-25144 | MAVEN:GHSA-W275-M8CR-HF2V | Liferay Portal denial-of-service vulnerability | moderate | 2024-02-08T06:30:23 (7 months ago) |
Fixed | = 7.4.3.27 | | CVE-2024-25144 | MAVEN:GHSA-W275-M8CR-HF2V | Liferay Portal denial-of-service vulnerability | moderate | 2024-02-08T06:30:23 (7 months ago) |
Affected | = 7.4.3.67 | | CVE-2023-33948 | MAVEN:GHSA-W6F8-MXF5-4VF8 | Missing authorization in Liferay portal | high | 2023-05-24T18:30:26 (16 months ago) |
Fixed | = 7.4.3.68 | | CVE-2023-33948 | MAVEN:GHSA-W6F8-MXF5-4VF8 | Missing authorization in Liferay portal | high | 2023-05-24T18:30:26 (16 months ago) |
Affected | >= 7.4.1, <= 7.4.3.4 | | CVE-2022-42128 | MAVEN:GHSA-WGQM-QP44-CG6X | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Fixed | = 7.4.3.5 | | CVE-2022-42128 | MAVEN:GHSA-WGQM-QP44-CG6X | Incorrect Default Permissions in Liferay Portal | moderate | 2022-11-15T12:00:16 (22 months ago) |
Affected | = 7.4.3.50 | | CVE-2023-33942 | MAVEN:GHSA-WV99-WMPF-JRQR | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.3.51 | | CVE-2023-33942 | MAVEN:GHSA-WV99-WMPF-JRQR | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.3.0, < 7.4.1 | | CVE-2023-33938 | MAVEN:GHSA-WVHW-5M89-64GV | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.1 | | CVE-2023-33938 | MAVEN:GHSA-WVHW-5M89-64GV | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | >= 7.4.0, < 7.4.3.31 | | CVE-2023-33940 | MAVEN:GHSA-X82Q-MR23-27JC | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Fixed | = 7.4.3.31 | | CVE-2023-33940 | MAVEN:GHSA-X82Q-MR23-27JC | Cross-site scripting in Liferay Portal | moderate | 2023-05-24T15:30:27 (16 months ago) |
Affected | <= 7.4.1 | | CVE-2024-25147 | MAVEN:GHSA-XPJG-7HX7-WGCX | Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting | critical | 2024-02-21T03:30:37 (6 months ago) |