Vulnerabilities > Liferay > DXP > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-16 | CVE-2021-29041 | Unspecified vulnerability in Liferay DXP 7.0 Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the other user's TOTP shared secret. | 4.0 |
| 2021-05-16 | CVE-2021-29047 | Improper Authentication vulnerability in Liferay DXP 7.0 The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer. | 5.0 |
| 2020-09-24 | CVE-2020-15840 | Unspecified vulnerability in Liferay DXP and Liferay Portal In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs. | 5.0 |
| 2020-07-20 | CVE-2020-15842 | Deserialization of Untrusted Data vulnerability in Liferay DXP 7.0 Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization. | 6.8 |
| 2020-07-20 | CVE-2020-15841 | Insufficiently Protected Credentials vulnerability in Liferay DXP and Liferay Portal Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature. | 4.3 |