The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.
The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dxp | Liferay | 7.2 (including) | 7.2 (including) |
| Dxp | Liferay | 7.2-fix_pack_1 (including) | 7.2-fix_pack_1 (including) |
| Dxp | Liferay | 7.2-fix_pack_10 (including) | 7.2-fix_pack_10 (including) |
| Dxp | Liferay | 7.2-fix_pack_11 (including) | 7.2-fix_pack_11 (including) |
| Dxp | Liferay | 7.2-fix_pack_12 (including) | 7.2-fix_pack_12 (including) |
| Dxp | Liferay | 7.2-fix_pack_13 (including) | 7.2-fix_pack_13 (including) |
| Dxp | Liferay | 7.2-fix_pack_14 (including) | 7.2-fix_pack_14 (including) |
| Dxp | Liferay | 7.2-fix_pack_15 (including) | 7.2-fix_pack_15 (including) |
| Dxp | Liferay | 7.2-fix_pack_16 (including) | 7.2-fix_pack_16 (including) |
| Dxp | Liferay | 7.2-fix_pack_17 (including) | 7.2-fix_pack_17 (including) |
| Dxp | Liferay | 7.2-fix_pack_18 (including) | 7.2-fix_pack_18 (including) |
| Dxp | Liferay | 7.2-fix_pack_2 (including) | 7.2-fix_pack_2 (including) |
| Dxp | Liferay | 7.2-fix_pack_3 (including) | 7.2-fix_pack_3 (including) |
| Dxp | Liferay | 7.2-fix_pack_4 (including) | 7.2-fix_pack_4 (including) |
| Dxp | Liferay | 7.2-fix_pack_5 (including) | 7.2-fix_pack_5 (including) |
| Dxp | Liferay | 7.2-fix_pack_6 (including) | 7.2-fix_pack_6 (including) |
| Dxp | Liferay | 7.2-fix_pack_7 (including) | 7.2-fix_pack_7 (including) |
| Dxp | Liferay | 7.2-fix_pack_8 (including) | 7.2-fix_pack_8 (including) |
| Dxp | Liferay | 7.2-fix_pack_9 (including) | 7.2-fix_pack_9 (including) |
| Dxp | Liferay | 7.3 (including) | 7.3 (including) |
| Dxp | Liferay | 7.3-sp1 (including) | 7.3-sp1 (including) |
| Dxp | Liferay | 7.3-sp2 (including) | 7.3-sp2 (including) |
| Dxp | Liferay | 7.3-sp3 (including) | 7.3-sp3 (including) |
| Dxp | Liferay | 7.3-update_1 (including) | 7.3-update_1 (including) |
| Dxp | Liferay | 7.3-update_2 (including) | 7.3-update_2 (including) |
| Dxp | Liferay | 7.3-update_3 (including) | 7.3-update_3 (including) |
| Dxp | Liferay | 7.3-update_4 (including) | 7.3-update_4 (including) |
| Dxp | Liferay | 7.3-update_5 (including) | 7.3-update_5 (including) |
| Dxp | Liferay | 7.4 (including) | 7.4 (including) |
| Dxp | Liferay | 7.4-update_1 (including) | 7.4-update_1 (including) |
| Dxp | Liferay | 7.4-update_10 (including) | 7.4-update_10 (including) |
| Dxp | Liferay | 7.4-update_11 (including) | 7.4-update_11 (including) |
| Dxp | Liferay | 7.4-update_12 (including) | 7.4-update_12 (including) |
| Dxp | Liferay | 7.4-update_13 (including) | 7.4-update_13 (including) |
| Dxp | Liferay | 7.4-update_14 (including) | 7.4-update_14 (including) |
| Dxp | Liferay | 7.4-update_15 (including) | 7.4-update_15 (including) |
| Dxp | Liferay | 7.4-update_16 (including) | 7.4-update_16 (including) |
| Dxp | Liferay | 7.4-update_17 (including) | 7.4-update_17 (including) |
| Dxp | Liferay | 7.4-update_18 (including) | 7.4-update_18 (including) |
| Dxp | Liferay | 7.4-update_19 (including) | 7.4-update_19 (including) |
| Dxp | Liferay | 7.4-update_2 (including) | 7.4-update_2 (including) |
| Dxp | Liferay | 7.4-update_20 (including) | 7.4-update_20 (including) |
| Dxp | Liferay | 7.4-update_21 (including) | 7.4-update_21 (including) |
| Dxp | Liferay | 7.4-update_22 (including) | 7.4-update_22 (including) |
| Dxp | Liferay | 7.4-update_23 (including) | 7.4-update_23 (including) |
| Dxp | Liferay | 7.4-update_24 (including) | 7.4-update_24 (including) |
| Dxp | Liferay | 7.4-update_25 (including) | 7.4-update_25 (including) |
| Dxp | Liferay | 7.4-update_26 (including) | 7.4-update_26 (including) |
| Dxp | Liferay | 7.4-update_3 (including) | 7.4-update_3 (including) |
| Dxp | Liferay | 7.4-update_4 (including) | 7.4-update_4 (including) |
| Dxp | Liferay | 7.4-update_5 (including) | 7.4-update_5 (including) |
| Dxp | Liferay | 7.4-update_6 (including) | 7.4-update_6 (including) |
| Dxp | Liferay | 7.4-update_7 (including) | 7.4-update_7 (including) |
| Dxp | Liferay | 7.4-update_8 (including) | 7.4-update_8 (including) |
| Dxp | Liferay | 7.4-update_9 (including) | 7.4-update_9 (including) |
| Liferay_portal | Liferay | 7.2.0 (including) | 7.4.3.26 (excluding) |