Liferay Portal and DXP Unchecked Input Vulnerability in XML-RPC Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Liferay Portal versions 7.4.0 through 7.4.3.111, older unsupported versions, and Liferay DXP versions 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions. This vulnerability arises from unchecked input for loop conditions in XML-RPC, allowing remote attackers to craft requests that disrupt service.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users can upgrade to Liferay Portal 7.4.3.112 or Liferay DXP versions 2024.Q1.1, 2023.Q4.0, 2023.Q3.5, or 7.3 U36 to address this vulnerability.

Added: Sep 16, 2025, 5:25 PM
Updated: Sep 16, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 2.5
exploitability: 7.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.