CVE-2011-1502: Sensitive Information Exposure in Portal

Severity: 4.0 MEDIUM (NVD)
EPSS: 0.5% (top 33.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 7
Latest update: May 13

Description

Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 8.0 | Impact: 2.9

Affected Packages (1 package)

NVD: liferay/liferay_portal 6.0.0 6.0.5

Vulnerability Details (2)

GHSA
GHSA-xhf5-qrfm-cqf5: Liferay Portal Community Edition (CE) 6 (2022-05-13)
CVEList
CVE-2011-1502: Liferay Portal Community Edition (CE) 6 (2011-05-07)