Mon, 12 Nov 2018 09:39:00 +0000
CST-7106 SSRF vulnerability via templates
Liferay Portal 7.1 CE GA1 is vulnerable to a Server-Side Request Forgery (SSRF) via Web Content templates and Application Display Templates (ADT) which may allow an attacker access to sensitive information.
Ensure only trusted individuals have permission to add and edit Web Content templates and Application Display Templates.
There is no patch available for Liferay Portal 7.1 CE GA1. Instead, users should upgrade to Liferay Portal 7.1 CE GA2 (7.1.1) or later to fix this issue.