SB2018112207 - Multiple vulnerabilities in Liferay Enterprise Portal

Published: November 22, 2018

Security Bulletin ID: SB2018112207
Severity: Medium
Patch available: YES
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 25%, Low: 75%

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Security restrictions bypass (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in the session management functionality when processing password changes. If the user has multiple active sessions on the website, these sessions are not terminated when the user changes the password. As a result, if an attacker has already compromised a user's session, changing the password does not prevent continued unauthorized use of that compromised session.
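The defect described above is the absence of a revocation step: rotating the credential leaves every previously issued session valid. The following is an added illustration written for this bulletin, not Liferay's code, showing the behaviour a password-change handler should have: every other session belonging to the user is revoked, while the session that performed the change survives so the legitimate user is not logged out. The session store, identifier format and user names are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;

/**
 * Added illustration (not Liferay code): an in-memory session registry that
 * terminates a user's other sessions when the password changes, so a session
 * an attacker already holds stops working once the victim rotates the password.
 */
public class SessionRevocationDemo {

    /** Session record: the owning user and whether it is still valid. */
    static final class Session {
        final String userId;
        boolean valid = true;
        Session(String userId) { this.userId = userId; }
    }

    // sessionId -> Session. In a real deployment this lives in the servlet
    // container or a shared session store, not in a HashMap.
    private final Map<String, Session> sessions = new HashMap<>();
    private int counter = 0;

    /** Issues a new session for a user and returns its identifier (constructed format). */
    String login(String userId) {
        String id = "sess-" + (++counter);
        sessions.put(id, new Session(userId));
        return id;
    }

    /** True only if the session exists and has not been revoked. */
    boolean isAuthenticated(String sessionId) {
        Session s = sessions.get(sessionId);
        return s != null && s.valid;
    }

    /**
     * Password change handler. The bulletin's defect is that this step leaves
     * every other active session alive; the fix is to revoke all of them except
     * the session that performed the change.
     */
    void changePassword(String userId, String currentSessionId) {
        // ... verify the current password and store the new hash (omitted) ...
        for (Map.Entry<String, Session> e : sessions.entrySet()) {
            Session s = e.getValue();
            if (s.userId.equals(userId) && !e.getKey().equals(currentSessionId)) {
                s.valid = false; // any previously compromised session dies here
            }
        }
    }

    public static void main(String[] args) {
        SessionRevocationDemo store = new SessionRevocationDemo();
        String victimBrowser = store.login("alice"); // the legitimate session
        String otherSession = store.login("alice");  // a second session, e.g. one no longer under the user's control

        System.out.println("second session valid before change: " + store.isAuthenticated(otherSession));

        store.changePassword("alice", victimBrowser);

        System.out.println("changing session valid after change: " + store.isAuthenticated(victimBrowser));
        System.out.println("second session valid after change:   " + store.isAuthenticated(otherSession));
    }
}
```

The same revocation should run on any credential-recovery path (password reset by e-mail, administrator-forced reset), and a detection rule that flags a session still active after its owner's password changed is a cheap way to verify the fix in production.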


2) Open redirect (CVE-ID: N/A)

The vulnerability allows a remote unauthenticated attacker to redirect the target user to external websites.

The weakness exists due to an open redirect in the Blogs RSS feed and tunnel-web. A remote attacker can craft a specially formed image link, trick the victim into opening it, and redirect the victim to a malicious website.
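An open redirect exists when a user-controlled redirect target is used without being constrained to the application's own site. The validator below is an added example for this bulletin, not Liferay's code; it accepts only same-site relative paths or absolute http(s) URLs whose host equals a configured allowed host. The host name `portal.example.com` and the sample targets are constructed.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example (not Liferay code): decides whether a redirect target keeps the
 * user on this site. Everything else is rejected rather than "cleaned up".
 */
public final class RedirectTargetValidator {

    private final String allowedHost; // constructed, e.g. "portal.example.com"

    RedirectTargetValidator(String allowedHost) {
        this.allowedHost = allowedHost.toLowerCase();
    }

    /** Returns true only if following `target` stays on the allowed host. */
    boolean isSafeRedirect(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        // Some browsers treat '\' as '/', which java.net.URI does not; reject instead of guessing.
        if (target.indexOf('\\') >= 0) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        // Site-relative path: no scheme and no authority, exactly one leading '/'.
        // "//host/path" has an authority and therefore falls through to the host check below.
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            return target.startsWith("/") && !target.startsWith("//");
        }
        // Absolute URL: only http(s), and the parsed host (not the raw string) must match.
        String scheme = uri.getScheme();
        if (scheme == null || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return false;
        }
        String host = uri.getHost();
        return host != null && host.equalsIgnoreCase(allowedHost);
    }

    public static void main(String[] args) {
        RedirectTargetValidator v = new RedirectTargetValidator("portal.example.com");
        String[] samples = {                     // constructed inputs
            "/web/guest/home",                   // accepted: site-relative path
            "https://portal.example.com/web",    // accepted: our own host
            "//other.example/landing",           // rejected: protocol-relative, foreign authority
            "https://portal.example.com@other.example/", // rejected: userinfo trick, host is other.example
            "javascript:void(0)",                // rejected: not http(s)
            "https://other.example/"             // rejected: foreign host
        };
        for (String s : samples) {
            System.out.println((v.isSafeRedirect(s) ? "allow  " : "reject ") + s);
        }
    }
}
```

Comparing the parsed `getHost()` rather than doing a string prefix match is the important detail: a prefix check on the raw string would accept the userinfo form above.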

3) Cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Security restrictions bypass (CVE-ID: N/A)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to multiple permission issues. A remote attacker can bypass security restrictions and perform actions on resources that they are not permitted to access.


5) Server-side request forgery (CVE-ID: N/A)

The vulnerability allows a remote user to perform a server-side request forgery (SSRF) attack.

The weakness exists due to an unspecified error. A remote attacker can perform an SSRF attack via Web Content templates and Application Display Templates (ADT) to bypass network access controls and gain access to sensitive information.

6) Cross-site scripting (CVE-ID: N/A)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


7) Session hijacking (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct a session fixation attack.

The vulnerability exists due to an unspecified flaw. A remote attacker can circumvent the requirement to enter the current password and hijack the user's account.


8) XXE attack (CVE-ID: N/A)

The vulnerability allows a remote attacker to conduct an XML External Entity (XXE) attack.

The vulnerability exists due to improper handling of XML External Entities (XXEs) when parsing XML files in the default configuration. A remote attacker can conduct an XXE attack via XSL templates in XSL Content and Web Content.
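The root cause named above is a parser left in its default configuration, which resolves external entities. The code below is an added example for this bulletin, not Liferay's code: it builds a JAXP `DocumentBuilderFactory` with DOCTYPE processing disabled, so a document carrying an external entity declaration is rejected before any entity can be resolved, and shows the matching `TransformerFactory` settings for the XSL case. The sample XML and its `file:///` path are constructed.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

/** Added example (not Liferay code): XXE-resistant JAXP configuration. */
public final class XxeSafeParsing {

    /** Constructed sample: a DOCTYPE that declares an external entity. */
    static final String DOC_WITH_EXTERNAL_ENTITY =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE note [ <!ENTITY ext SYSTEM \"file:///constructed/path\"> ]>\n" +
        "<note>&ext;</note>";

    /** Constructed sample: ordinary content with no DOCTYPE. */
    static final String PLAIN_DOC = "<note>hello</note>";

    /** DOM parser factory that refuses DOCTYPEs and external entities. */
    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // Refusing any DOCTYPE at all is the strongest setting: no entity can be declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for parsers where DOCTYPEs must stay enabled.
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }

    /** XSLT factory for template processing: no external DTDs or stylesheets. */
    static TransformerFactory hardenedTransformerFactory() {
        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
        tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        return tf;
    }

    /**
     * Parses with the hardened factory and returns the root element name,
     * or null when the parser rejected the document.
     */
    static String parseRootName(String xml) throws ParserConfigurationException {
        DocumentBuilder db = hardenedFactory().newDocumentBuilder();
        try {
            Document d = db.parse(new InputSource(new StringReader(xml)));
            return d.getDocumentElement().getNodeName();
        } catch (SAXException | IOException e) {
            // disallow-doctype-decl surfaces as a SAXParseException; treat as rejected input
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("plain document root: " + parseRootName(PLAIN_DOC));
        System.out.println("document with external entity: " + parseRootName(DOC_WITH_EXTERNAL_ENTITY));
        hardenedTransformerFactory(); // constructed without error on JAXP 1.5+ runtimes
    }
}
```

The rejected parse is the desired outcome: the external entity is never fetched, so there is no file or network read to leak data through. Where user-supplied XSL is a feature, the `TransformerFactory` attributes above close the same hole on the stylesheet side.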


Remediation

Install the update from the vendor's website.
