Description

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.

Remediation

References

CVE-2020-15841

Related Vulnerabilities

SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17319)

WordPress Plugin WPtouch Arbitrary File Upload (3.4.6)

WordPress Plugin WP Shop Multiple SQL Injection Vulnerabilities (3.4.3.15)

WordPress Plugin ProfileGrid-User Profiles, Memberships, Groups and Communities Unspecified Vulnerability (2.6.4)

WordPress Plugin Image Slider Arbitrary File Deletion (1.1.89)

Severity

High

Classification

CVE-2020-15841 CWE-522

Tags

Missing Update Known Vulnerabilities