{"url":"http://public2.vulnerablecode.io/api/packages/539001?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp94-1","type":"maven","namespace":"com.liferay.portal","name":"release.dxp.bom","version":"7.0.10.fp94-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.3u36","latest_non_vulnerable_version":"2025.Q2.10","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208339?format=json","vulnerability_id":"VCID-6aqp-gny4-5ffp","summary":"Liferay Portal and Liferay DXP fails to check origin of event messages","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-25146"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/2fe144127a1a3b4c74f47e4b760b992b997c276b"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps?p_r_p_assetEntryId=121612000&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121612000%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146","reference_id":"CVE-2022-25146","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25146"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps","reference_id":"CVE-2022-25146-CSRF-TOKEN-EXFILTRATION-VIA-REMOTE-APPS","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-25146-csrf-token-exfiltration-via-remote-apps"},{"reference_url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w","reference_id":"GHSA-ghw5-998m-vw4w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ghw5-998m-vw4w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19581?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.4.13.u5"}],"aliases":["CVE-2022-25146","GHSA-ghw5-998m-vw4w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6aqp-gny4-5ffp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208049?format=json","vulnerability_id":"VCID-6gyp-c7wt-qfb5","summary":"Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15839","reference_id":"","reference_type":"","scores":[{"value":"0.01076","scoring_system":"epss","scoring_elements":"0.78211","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15839"},{"reference_url":"https://issues.liferay.com/browse/LPE-17029","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17029"},{"reference_url":"https://issues.liferay.com/browse/LPE-17055","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17055"},{"reference_url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784928"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15839","reference_id":"CVE-2020-15839","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15839"},{"reference_url":"https://github.com/advisories/GHSA-c7f6-4vx5-4263","reference_id":"GHSA-c7f6-4vx5-4263","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c7f6-4vx5-4263"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19216?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-9xdb-721c-hqgf"},{"vulnerability":"VCID-mjr1-fwsd-xkgc"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp18"},{"url":"http://public2.vulnerablecode.io/api/packages/19214?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-9xdb-721c-hqgf"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp6"}],"aliases":["CVE-2020-15839","GHSA-c7f6-4vx5-4263"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gyp-c7wt-qfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208325?format=json","vulnerability_id":"VCID-scdp-ugfr-yqap","summary":"Liferay Portal and Liferay DXP has incorrect default permissions for site members","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38268","reference_id":"","reference_type":"","scores":[{"value":"0.00119","scoring_system":"epss","scoring_elements":"0.30461","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38268"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/16228425d7395b564f3c4cb5fae0c71c7228202b"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17150","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17150"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38268-site-member-can-add-new-forms-by-default?p_r_p_assetEntryId=121611813&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611813%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38268","reference_id":"CVE-2021-38268","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38268"},{"reference_url":"https://github.com/advisories/GHSA-f855-2rvm-5j7h","reference_id":"GHSA-f855-2rvm-5j7h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f855-2rvm-5j7h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19554?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-6gyp-c7wt-qfb5"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp101"},{"url":"http://public2.vulnerablecode.io/api/packages/19556?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp21"},{"url":"http://public2.vulnerablecode.io/api/packages/541053?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.1.10.fp22"},{"url":"http://public2.vulnerablecode.io/api/packages/19552?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-vk9f-1396-jkcp"},{"vulnerability":"VCID-vweb-9s62-zucm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp10"},{"url":"http://public2.vulnerablecode.io/api/packages/19559?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-txpn-fzyb-3udy"},{"vulnerability":"VCID-z611-svpn-m7b1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.fp2"}],"aliases":["CVE-2021-38268","GHSA-f855-2rvm-5j7h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-scdp-ugfr-yqap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208347?format=json","vulnerability_id":"VCID-vk9f-1396-jkcp","summary":"Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38265","reference_id":"","reference_type":"","scores":[{"value":"0.00178","scoring_system":"epss","scoring_elements":"0.39174","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38265"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/ac8267406785c2e70f4b15aadd604fbe7fb4451b"},{"reference_url":"https://liferay.atlassian.net/browse/LPE-17229","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.atlassian.net/browse/LPE-17229"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38265-stored-xss-with-collection-name?p_r_p_assetEntryId=121611955&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611955%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38265","reference_id":"CVE-2021-38265","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38265"},{"reference_url":"https://github.com/advisories/GHSA-3x83-whxw-pvmg","reference_id":"GHSA-3x83-whxw-pvmg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3x83-whxw-pvmg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/541054?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10"}],"aliases":["CVE-2021-38265","GHSA-3x83-whxw-pvmg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vk9f-1396-jkcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208352?format=json","vulnerability_id":"VCID-vweb-9s62-zucm","summary":"Liferay Portal and Liferay DXP fails to properly import users from LDAP","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38266","reference_id":"","reference_type":"","scores":[{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83417","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38266"},{"reference_url":"https://github.com/liferay/liferay-portal","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal"},{"reference_url":"https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/liferay/liferay-portal/commit/c3d1e3c7b18be0791360bb57428ea8234bcbb736"},{"reference_url":"https://issues.liferay.com/browse/LPE-17191","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.liferay.com/browse/LPE-17191"},{"reference_url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-38266?p_r_p_assetEntryId=121611673&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26p_r_p_assetEntryId%3D121611673%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38266","reference_id":"CVE-2021-38266","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-38266"},{"reference_url":"https://github.com/advisories/GHSA-jp3m-vh3g-6ggp","reference_id":"GHSA-jp3m-vh3g-6ggp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jp3m-vh3g-6ggp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19595?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0-ga1"},{"url":"http://public2.vulnerablecode.io/api/packages/541054?format=json","purl":"pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-25ay-9z7s-47dg"},{"vulnerability":"VCID-6aqp-gny4-5ffp"},{"vulnerability":"VCID-9ka7-ck9s-nudp"},{"vulnerability":"VCID-b31e-vxh7-1qe8"},{"vulnerability":"VCID-h9vv-1cu6-jydx"},{"vulnerability":"VCID-scdp-ugfr-yqap"},{"vulnerability":"VCID-tvcx-nbr1-efc2"},{"vulnerability":"VCID-txpn-fzyb-3udy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10"}],"aliases":["CVE-2021-38266","GHSA-jp3m-vh3g-6ggp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vweb-9s62-zucm"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.0.10.fp94-1"}