← back
CVE-2020-15841

CVE-2020-15841

CVSS 8.3 HIGHEPSS 1.5%
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.3EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
20 Jul 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://issues.liferay.com/browse/LPE-16928https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317439