Vulnerability Details : CVE-2020-15840
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
Products affected by CVE-2020-15840
- cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
- cpe:2.3:a:liferay:liferay_portal:6.2:-:*:*:enterprise:*:*:*
- cpe:2.3:a:liferay:dxp:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:liferay:dxp:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:liferay:dxp:7.2:*:*:*:*:*:*:*
Threat overview for CVE-2020-15840
Top countries where our scanners detected CVE-2020-15840
Top open port discovered on systems with this issue
80
IPs affected by CVE-2020-15840 764
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-15840!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-15840
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15840
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
|
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
3.9
|
1.4
|
NIST |
References for CVE-2020-15840
-
https://portal.liferay.dev/learn/security/known-vulnerabilities
Known VulnerabilitiesVendor Advisory
-
https://issues.liferay.com/browse/LPE-17046
[LPE-17046] LSV-636: 'portlet.resource.id.banned.paths.regexp' bypass with doubled encoded URLs - Liferay IssuesIssue Tracking;Vendor Advisory
-
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119772204
CST-7308 'portlet.resource.id.banned.paths.regexp' bypass with doubled encoded URLs (CVE-2020-15840)Vendor Advisory
Jump to