
We found results for “”
CVE-2025-3526
Good to know:

Date: June 16, 2025
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the saving of request parameters in the HTTP session, which allows remote attackers to consume system memory leading to denial-of-service (DoS) conditions via crafted HTTP requests.
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Uncontrolled Resource Consumption
CWE-400Top Fix

Upgrade Version
Upgrade to version com.liferay.portal:com.liferay.portal.kernel:38.0.0;com.liferay.portal:com.liferay.portal.kernel:38.0.0;https://github.com/liferay/liferay-portal.git - 7.4.3.14-ga14
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |