Information disclosure in Liferay Enterprise Portal - #VU8555

 


Published: September 21, 2017


Vulnerability identifier: #VU8555
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Liferay
Affected software:
Liferay Enterprise Portal

Detailed vulnerability description

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists because the web application stores LDAP credentials in the log file when the log level is set to DEBUG. A local user with the ability to view log files can obtain access credentials of web application users.
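A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Liferay's code: it scans log lines for DEBUG-level LDAP entries that carry a credential value and reports whether the log file is readable beyond its owner. The log layout, logger names and key patterns are assumptions, and the sample lines are constructed.

```python
import os
import re
import stat

# Assumed key names: java.naming.security.credentials is the standard JNDI
# environment key; the shorter alternatives are generic guesses.
CRED = re.compile(
    r"(java\.naming\.security\.credentials|credentials|password)"
    r"\s*[=:]\s*([^\s,}]+)",
    re.IGNORECASE,
)

# Constructed sample lines; the layout and logger names are hypothetical.
SAMPLE_LOG = [
    "2017-09-01 10:00:01 INFO  [PortalImpl] Portal started",
    "2017-09-01 10:00:05 DEBUG [LdapAuth] LDAP bind env "
    "{java.naming.provider.url=ldap://ldap.example.test:389, "
    "java.naming.security.principal=cn=svc, "
    "java.naming.security.credentials=Constructed-Secret1}",
    "2017-09-01 10:00:06 DEBUG [LdapAuth] LDAP search returned 1 entry",
    "2017-09-01 10:00:07 INFO  [LdapAuth] LDAP login ok, password policy checked",
]

def find_leaks(lines):
    """Return (line_number, key) for DEBUG LDAP lines that carry a credential value."""
    hits = []
    for n, line in enumerate(lines, 1):
        if "DEBUG" not in line or "ldap" not in line.lower():
            continue
        hits.extend((n, m.group(1)) for m in CRED.finditer(line))
    return hits

def redact(line):
    """Replace credential values so a finding can be reported without repeating the secret."""
    return CRED.sub(lambda m: m.group(1) + "=<redacted>", line)

def readable_beyond_owner(path):
    """True if group or other has read permission on the log file (POSIX mode bits)."""
    return bool(os.stat(path).st_mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path):
    """Combine the content scan and the permission check for one log file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        lines = fh.read().splitlines()
    return {"leaks": find_leaks(lines), "exposed": readable_beyond_owner(path)}

if __name__ == "__main__":
    for n, key in find_leaks(SAMPLE_LOG):
        print(f"line {n}: {key} logged at DEBUG -> {redact(SAMPLE_LOG[n - 1])}")
```

Log files written before the update may still hold credentials, so the scan applies to rotated and archived logs as well as the active one.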


Remediation

Update to version 7.0.2 CE GA3.
