PT-2020-14664 · Liferay · Liferay Portal+1
Published
2020-07-20
·
Updated
2025-08-15
·
CVE-2020-15841
CVSS v3.1
8.3
High
| Vector | AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R |
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions prior to 7.3.0
Liferay DXP 7.0 through fix pack 88
Liferay DXP 7.1 through fix pack 16
Liferay DXP 7.2 through fix pack 3
Description
The issue allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature because it does not safely test a connection to an LDAP server.
Recommendations
For Liferay Portal versions prior to 7.3.0, update to version 7.3.0 or later.
For Liferay DXP 7.0, apply fix pack 89 or later.
For Liferay DXP 7.1, apply fix pack 17 or later.
For Liferay DXP 7.2, apply fix pack 4 or later.
Fix
Insufficiently Protected Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Liferay Dxp
Liferay Portal