com.liferay.portal:com.liferay.portal.impl
Maven
11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
- CVE-2020-15840 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 7.1.3 | 2020-09-24
vulnerable: 1.0.0 ... 7.1.2 (1300 versions)
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
- CVE-2021-29050 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 5.25.0 | 2024-02-20
vulnerable: 1.0.0 ... 5.9.0 (1140 versions)
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social…
- CVE-2021-33321 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.11.0 | 2021-08-03
vulnerable: 1.0.0 ... 5.9.0 (1051 versions)
Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.passwo…
- CVE-2021-33322 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 5.7.3 | 2021-08-03
vulnerable: 1.0.0 ... 5.7.2 (1036 versions)
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to…
- CVE-2022-26595 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 7.7.9 | 2022-04-19
vulnerable: 1.0.0 ... 7.7.8 (1319 versions)
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the…
- CVE-2022-41414 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 8.0.0 | 2022-10-07
vulnerable: 1.0.0 ... 7.8.8 (1328 versions)
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
- CVE-2025-43768 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 108.1.1 | 2025-08-23
vulnerable: 1.0.0 ... 99.0.2 (1601 versions)
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without a…
- CVE-2025-43793 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 96.0.0 | 2025-09-15
vulnerable: 1.0.0 ... 95.0.0 (1562 versions)
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the…
- CVE-2025-43801 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 101.0.0 | 2025-09-16
vulnerable: 1.0.0 ... 99.0.2 (1572 versions)
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update …
- CVE-2025-62261 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 92.0.2 | 2025-10-27
vulnerable: 1.0.0 ... 92.0.1 (1557 versions)
Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain te…
- CVE-2025-62276 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 69.1.0 | 2025-11-01
vulnerable: 1.0.0 ... 9.1.0 (1504 versions)
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older …