CVE-2020-15841 HIGH

CVE-2020-15841

Vendor N/A
Product n/a
Published July 20, 2020
Last update August 4, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:R

What the vulnerability does

01Description

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.

Key dates

02Disclosure timeline

July 20, 2020 CVE published
August 4, 2024 Record updated