Main Vulnerability Database Vulnerabilities #VU8553

Improper privilege management in Liferay Enterprise Portal - #VU8553

Published: September 21, 2017

Vulnerability identifier: #VU8553

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Liferay

Affected software:
Liferay Enterprise Portal

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when editing blog entry. The application may reset the blog entry's permission to the default permission. This may allow a user without the necessary permission to view a blog entry.

Remediation

Update to version 7.0.2 CE GA3.

Sources

https://issues.liferay.com/browse/LPS-67682

Improper privilege management in Liferay Enterprise Portal - #VU8553

Detailed vulnerability description

Remediation

Sources

Please verify you're human