CNNVD-202510-4195 Information
CNNVD ID
CNNVD-202510-4195
Related CVE
- CNNVD Published: 2025-10-30
Description (Chinese)
Liferay Portal和Liferay DXP都是美国Liferay公司的产品。Liferay Portal是一套基于J2EE的门户解决方案。该方案使用了EJB以及JMS等技术,并可作为Web发布和共享工作区、企业协作平台、社交网络等。Liferay DXP是一套数字化体验协作平台。 Liferay Portal和Liferay DXP存在安全漏洞,该漏洞源于容易受到DNS重绑定攻击,可能导致用户被重定向到任意外部URL。以下产品及版本受到影响:Liferay Portal 7.4.3.119及之前版本和7.4 GA至update 92及之前版本和Liferay DXP 2024.Q1.5及之前版本和2023.Q4.10及之前版本和2023.Q3.10及之前版本。
Description (English)
Liferay Portal and Liferay DXP are products of the United States company Liferay. Liferay Portal is a portal solution based on J2EE. The programme uses technologies such as EJB and JMS, and can be used as a Web-based workspace, corporate collaboration platform, social networking etc. Liferay DXP is a collaborative platform for digital experience. Liferay Portal and Liferay DXP have a security loophole, which stems from their vulnerability to DNS re-entanglement attacks and may lead to the re-direction of users to any external URL. The following products and versions have been affected: Liveray Portal 7.4.3.119 and previous versions and 7.4 GA-update 92 and previous versions and Liveray DXP 2024.Q1.5 and 2023.Q4.10 and earlier and 2023.Q3.10 and earlier versions.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Liferay
Published
2025-10-30
Last Modified
2026-02-24