General Information

This is a reminder alert regarding two security alerts previously released in 2018 December and 2019 October. As a result of a recent public blog post, attackers may be actively attempting to exploit Liferay Portal 6.2 EE and DXP through the vulnerabilities reported in LSV-412 and LSV-545.

Liferay strongly recommends customers to review their Liferay Portal 6.2 EE and DXP environments immediately to make sure they are running on a patch level where these vulnerabilities are already fixed (see the fixed versions below).

Vulnerability

These vulnerabilities have already been addressed with the following security alerts:

• LSV-412 (2018 December)
• LSV-545 (2019 October)

Security Level

Severity Level 1

Instructions

Please refer to the Help Center pages referenced above to learn more about each vulnerability and to get information about the patch availability. As a quick reference, we have provided a list of the versions and patch levels where these vulnerabilities are already fixed:

• Liferay Portal 6.2 EE Portal-171+
• Liferay DXP 7.0 Fix Pack 87+ or Service Pack 12+
• Liferay DXP 7.1 Fix Pack 15+ or Service Pack 3+
• Liferay DXP 7.2 Fix Pack 2+ or Service Pack 1+