Liferay version older than 7.1 - Vulnerability Database

Liferay version older than 7.1

Description

This alert was generated using only banner information and may be a false positive.

The detected Liferay Portal installation is running a version older than 7.1, which contains multiple known security vulnerabilities. Liferay Portal versions prior to 7.1 have been affected by various security issues including cross-site scripting (XSS) and remote code execution (RCE) flaws. These vulnerabilities can be exploited by attackers to compromise the application and potentially the underlying server infrastructure.

Remediation

Upgrade Liferay Portal to version 7.1 or later as soon as possible to address known security vulnerabilities. Follow these steps:

1. Review the official Liferay security advisories at the provided reference URL to understand specific vulnerabilities affecting your current version
2. Plan a maintenance window for the upgrade process
3. Back up all Liferay Portal data, configurations, and customizations before proceeding
4. Download the latest stable Liferay Portal version from the official Liferay website
5. Follow the official Liferay upgrade documentation to migrate your installation
6. Test all functionality thoroughly in a staging environment before deploying to production
7. After upgrade, verify the new version is running correctly and review security settings

If immediate upgrade is not feasible, implement compensating controls such as web application firewall (WAF) rules, restrict network access to trusted IP addresses, and monitor for suspicious activity until the upgrade can be completed.