pkg:maven/com.liferay.portal/release.portal.bom
Type
maven
Namespace
com.liferay.portal
Name
release.portal.bom
Known advisories, vulnerabilities and fixes for com.liferay.portal/release.portal.bom package.
Critical
13
High
6
Moderate
26
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 7.4.3.4, < 7.4.3.49 |
CVE-2023-33946
|
 MAVEN:GHSA-2868-FF44-43QV
|
Liferay portal unauthorized access to objects via OAuth 2 scope | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.49 |
CVE-2023-33946
|
MAVEN:GHSA-2868-FF44-43QV
|
Liferay portal unauthorized access to objects via OAuth 2 scope | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.2.0, < 7.3.1 |
CVE-2023-47798
|
MAVEN:GHSA-2MX7-XVFG-FG53
|
Liferay Portal's account lockout does not invalidate existing user sessions | moderate |
2024-02-08T03:32:45
(7 months ago) |
|
| Fixed | = 7.3.1 |
CVE-2023-47798
|
MAVEN:GHSA-2MX7-XVFG-FG53
|
Liferay Portal's account lockout does not invalidate existing user sessions | moderate |
2024-02-08T03:32:45
(7 months ago) |
|
| Affected | <= 7.4.3.4 |
CVE-2024-25603
|
MAVEN:GHSA-44JG-JGJX-3XG5
|
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | >= 7.4.3.44, <= 7.4.3.97 |
CVE-2023-40191
|
MAVEN:GHSA-468X-FRCM-GHX6
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.1.0, < 7.4.3.13 |
CVE-2023-33939
|
MAVEN:GHSA-53MW-69QX-Q4FC
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.3.13 |
CVE-2023-33939
|
MAVEN:GHSA-53MW-69QX-Q4FC
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.3.3, <= 7.4.3.97 |
CVE-2023-42496
|
MAVEN:GHSA-54PV-R62J-9QQC
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.3.5, <= 7.4.3.36 |
CVE-2022-42127
|
MAVEN:GHSA-5X9H-P2GX-35MG
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.48 |
CVE-2022-42127
|
MAVEN:GHSA-5X9H-P2GX-35MG
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.3.5, <= 7.4.3.28 |
CVE-2022-42126
|
MAVEN:GHSA-642H-MX8Q-47P2
|
Missing permissions check in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.48 |
CVE-2022-42126
|
MAVEN:GHSA-642H-MX8Q-47P2
|
Missing permissions check in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.2.0, < 7.3.3 |
CVE-2021-33330
|
MAVEN:GHSA-6XXC-4JC4-7JV3
|
Exposure of Resource to Wrong Sphere in Liferay Portal | moderate |
2022-05-24T22:28:20
(2 years ago) |
|
| Fixed | = 7.3.3 |
CVE-2021-33330
|
MAVEN:GHSA-6XXC-4JC4-7JV3
|
Exposure of Resource to Wrong Sphere in Liferay Portal | moderate |
2022-05-24T22:28:20
(2 years ago) |
|
| Affected | >= 7.4.3.8, <= 7.4.3.97 |
CVE-2023-42498
|
MAVEN:GHSA-73X3-8MRG-5R93
|
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.3.4, < 7.4.3.61 |
CVE-2023-33947
|
MAVEN:GHSA-769C-P92R-XGXJ
|
Liferay portal has unauthorized access to object definition via search | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.61 |
CVE-2023-33947
|
MAVEN:GHSA-769C-P92R-XGXJ
|
Liferay portal has unauthorized access to object definition via search | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.3.3, < 7.4.3.35 |
CVE-2022-39975
|
MAVEN:GHSA-83QX-288M-72W4
|
Liferay Portal Missing Authorization vulnerability | moderate |
2022-09-23T00:00:46
(2 years ago) |
|
| Fixed | = 7.4.3.35 |
CVE-2022-39975
|
MAVEN:GHSA-83QX-288M-72W4
|
Liferay Portal Missing Authorization vulnerability | moderate |
2022-09-23T00:00:46
(2 years ago) |
|
| Affected | >= 7.2.0, < 7.3.7 |
CVE-2024-25143
|
MAVEN:GHSA-87M3-6QJ3-P3XH
|
Liferay Portal denial of service (memory consumption) | moderate |
2024-02-07T15:30:50
(7 months ago) |
|
| Fixed | = 7.3.7 |
CVE-2024-25143
|
MAVEN:GHSA-87M3-6QJ3-P3XH
|
Liferay Portal denial of service (memory consumption) | moderate |
2024-02-07T15:30:50
(7 months ago) |
|
| Affected | < 7.4.3.12 |
CVE-2024-25145
|
MAVEN:GHSA-9VGQ-W5PV-V77Q
|
Liferay Portal stored cross-site scripting (XSS) vulnerability | critical |
2024-02-07T15:30:50
(7 months ago) |
|
| Fixed | = 7.4.3.12 |
CVE-2024-25145
|
MAVEN:GHSA-9VGQ-W5PV-V77Q
|
Liferay Portal stored cross-site scripting (XSS) vulnerability | critical |
2024-02-07T15:30:50
(7 months ago) |
|
| Affected | >= 7.4.3.48, < 7.4.3.77 |
CVE-2023-33950
|
MAVEN:GHSA-CHRC-Q6V3-JFV8
|
Liferay Portal has Inefficient Regular Expression | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.77 |
CVE-2023-33950
|
MAVEN:GHSA-CHRC-Q6V3-JFV8
|
Liferay Portal has Inefficient Regular Expression | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | <= 7.4.2 |
CVE-2024-25601
|
MAVEN:GHSA-CR36-3VQF-X5W5
|
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.1.0, < 7.4.3.4 |
CVE-2022-42131
|
MAVEN:GHSA-CX84-43XC-3GM2
|
Improper Certificate Validation in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.4 |
CVE-2022-42131
|
MAVEN:GHSA-CX84-43XC-3GM2
|
Improper Certificate Validation in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.3.2, < 7.4.3.5 |
CVE-2022-42129
|
MAVEN:GHSA-G6X4-57HP-J4XM
|
Authorization Bypass in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.5 |
CVE-2022-42129
|
MAVEN:GHSA-G6X4-57HP-J4XM
|
Authorization Bypass in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.3.1, < 7.4.3.18 |
CVE-2023-33945
|
MAVEN:GHSA-G7VW-43XG-8M4H
|
SQL injection in Liferay Portal | high |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.18 |
CVE-2023-33945
|
MAVEN:GHSA-G7VW-43XG-8M4H
|
SQL injection in Liferay Portal | high |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.4.3.5, <= 7.4.3.35 |
CVE-2022-42125
|
MAVEN:GHSA-G8HP-RC67-JF96
|
Path Traversal in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.48 |
CVE-2022-42125
|
MAVEN:GHSA-G8HP-RC67-JF96
|
Path Traversal in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.0.0, < 7.3.1 |
CVE-2023-33949
|
MAVEN:GHSA-G9MR-9XFC-4GF7
|
Insecure Default Initialization In Liferay Portal | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.3.1 |
CVE-2023-33949
|
MAVEN:GHSA-G9MR-9XFC-4GF7
|
Insecure Default Initialization In Liferay Portal | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.3.3, < 7.4.3.19 |
CVE-2022-42123
|
MAVEN:GHSA-HFFX-R282-W2G9
|
Path Traversal in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.19 |
CVE-2022-42123
|
MAVEN:GHSA-HFFX-R282-W2G9
|
Path Traversal in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | <= 7.4.2 |
CVE-2024-25151
|
MAVEN:GHSA-HGR6-6HHW-883F
|
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing | moderate |
2024-02-21T06:30:32
(6 months ago) |
|
| Affected | < 7.3.3 |
CVE-2020-24554
|
MAVEN:GHSA-MG53-XR8M-86HW
|
Open Redirect in Liferay Portal | high |
2021-05-07T15:54:54
(3 years ago) |
|
| Fixed | = 7.3.3 |
CVE-2020-24554
|
MAVEN:GHSA-MG53-XR8M-86HW
|
Open Redirect in Liferay Portal | high |
2021-05-07T15:54:54
(3 years ago) |
|
| Affected | >= 7.2.0, < 7.4.2 |
CVE-2024-25146
|
MAVEN:GHSA-MQF8-4CQM-P83X
|
Liferay Portal allows attackers to discover the existence of sites | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.4.2 |
CVE-2024-25146
|
MAVEN:GHSA-MQF8-4CQM-P83X
|
Liferay Portal allows attackers to discover the existence of sites | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | >= 7.4.3.41, < 7.4.3.53 |
CVE-2023-33941
|
MAVEN:GHSA-MVFV-W3FQ-XP67
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.3.53 |
CVE-2023-33941
|
MAVEN:GHSA-MVFV-W3FQ-XP67
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.1.0, < 7.4.3.5 |
CVE-2022-42130
|
MAVEN:GHSA-MXVQ-CV4X-P3JW
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.5 |
CVE-2022-42130
|
MAVEN:GHSA-MXVQ-CV4X-P3JW
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | <= 7.4.2 |
CVE-2024-25152
|
MAVEN:GHSA-P28X-4R5H-PH6J
|
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.3.21, < 7.4.3.63 |
CVE-2023-33943
|
MAVEN:GHSA-P9XG-9378-CQP7
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.3.63 |
CVE-2023-33943
|
MAVEN:GHSA-P9XG-9378-CQP7
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.3.4, < 7.4.3.69 |
CVE-2023-33944
|
MAVEN:GHSA-PFWC-4FRF-4GF8
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.69 |
CVE-2023-33944
|
MAVEN:GHSA-PFWC-4FRF-4GF8
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.4.3.18, <= 7.4.3.101 |
CVE-2023-47795
|
MAVEN:GHSA-Q2CV-7J58-RFMJ
|
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T15:30:45
(6 months ago) |
|
| Affected | >= 7.2.0, < 7.4.2 |
CVE-2024-25148
|
MAVEN:GHSA-QWJ8-QGPR-8CRM
|
Liferay Portal vulnerable to user impersonation | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.4.2 |
CVE-2024-25148
|
MAVEN:GHSA-QWJ8-QGPR-8CRM
|
Liferay Portal vulnerable to user impersonation | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | >= 7.2.0, <= 7.4.3.37 |
CVE-2024-26269
|
MAVEN:GHSA-RWHV-HVJ2-QRQM
|
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | <= 7.4.3.13 |
CVE-2024-26266
|
MAVEN:GHSA-RWXC-4CMW-7X75
|
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | <= 7.4.2 |
CVE-2024-25602
|
MAVEN:GHSA-V2XQ-M22W-JMPR
|
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.3.94, < 7.4.3.96 |
CVE-2023-47797
|
MAVEN:GHSA-V32M-PF9Q-P3XG
|
Liferay Portal XSS with `p_l_back_url_title` on edit content page | critical |
2023-11-17T06:31:22
(10 months ago) |
|
| Fixed | = 7.4.3.96 |
CVE-2023-47797
|
MAVEN:GHSA-V32M-PF9Q-P3XG
|
Liferay Portal XSS with `p_l_back_url_title` on edit content page | critical |
2023-11-17T06:31:22
(10 months ago) |
|
| Affected | >= 7.1.0, < 7.3.1 |
CVE-2023-33937
|
MAVEN:GHSA-V6M2-J92J-2H78
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.3.1 |
CVE-2023-33937
|
MAVEN:GHSA-V6M2-J92J-2H78
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.3.2, < 7.4.3.5 |
CVE-2022-42124
|
MAVEN:GHSA-VJJ4-QWCM-552H
|
Inefficient Regular Expression Complexity in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.5 |
CVE-2022-42124
|
MAVEN:GHSA-VJJ4-QWCM-552H
|
Inefficient Regular Expression Complexity in Liferay Portal | high |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | >= 7.2.0, < 7.4.3.27 |
CVE-2024-25144
|
MAVEN:GHSA-W275-M8CR-HF2V
|
Liferay Portal denial-of-service vulnerability | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.4.3.27 |
CVE-2024-25144
|
MAVEN:GHSA-W275-M8CR-HF2V
|
Liferay Portal denial-of-service vulnerability | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | = 7.4.3.67 |
CVE-2023-33948
|
MAVEN:GHSA-W6F8-MXF5-4VF8
|
Missing authorization in Liferay portal | high |
2023-05-24T18:30:26
(16 months ago) |
|
| Fixed | = 7.4.3.68 |
CVE-2023-33948
|
MAVEN:GHSA-W6F8-MXF5-4VF8
|
Missing authorization in Liferay portal | high |
2023-05-24T18:30:26
(16 months ago) |
|
| Affected | >= 7.4.1, <= 7.4.3.4 |
CVE-2022-42128
|
MAVEN:GHSA-WGQM-QP44-CG6X
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Fixed | = 7.4.3.5 |
CVE-2022-42128
|
MAVEN:GHSA-WGQM-QP44-CG6X
|
Incorrect Default Permissions in Liferay Portal | moderate |
2022-11-15T12:00:16
(22 months ago) |
|
| Affected | = 7.4.3.50 |
CVE-2023-33942
|
MAVEN:GHSA-WV99-WMPF-JRQR
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.3.51 |
CVE-2023-33942
|
MAVEN:GHSA-WV99-WMPF-JRQR
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.3.0, < 7.4.1 |
CVE-2023-33938
|
MAVEN:GHSA-WVHW-5M89-64GV
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.1 |
CVE-2023-33938
|
MAVEN:GHSA-WVHW-5M89-64GV
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | >= 7.4.0, < 7.4.3.31 |
CVE-2023-33940
|
MAVEN:GHSA-X82Q-MR23-27JC
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Fixed | = 7.4.3.31 |
CVE-2023-33940
|
MAVEN:GHSA-X82Q-MR23-27JC
|
Cross-site scripting in Liferay Portal | moderate |
2023-05-24T15:30:27
(16 months ago) |
|
| Affected | <= 7.4.1 |
CVE-2024-25147
|
MAVEN:GHSA-XPJG-7HX7-WGCX
|
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |