Horizon Alert
Summary of the vulnerability and why it matters
This advisory concerns a critical SQL injection vulnerability found in Liferay Portal and DXP. The flaw could allow unauthenticated attackers to execute arbitrary SQL commands, potentially impacting data integrity and system availability. The main concern is confirming relevance and exposure to Liferay products within our environment.
- SQL injection allows attackers to run commands.
- Critical flaw affects widely used Liferay products.
- Confirm if Liferay products are in use.
Attack Path
How an attacker could exploit the issue
An attacker can exploit this vulnerability by sending specially crafted requests to the Liferay Portal or DXP. Since no authentication is required, an attacker could target any exposed instance. The vulnerability lies within the Fragment module, specifically in how it handles the `namespace` attribute of `PortletPreferences`. Successful exploitation allows an attacker to inject and execute arbitrary SQL commands, potentially leading to the compromise of sensitive data or the modification of database content.
- No authentication required to access.
- Triggered via `PortletPreferences` `namespace` attribute.
- Risk: Arbitrary SQL command execution.
Live Threat
Current exploitation, exposure, and threat context
This vulnerability could allow an attacker to execute arbitrary SQL commands by manipulating a `namespace` attribute within PortletPreferences. When this attribute is not properly sanitized, it could lead to unauthorized access and modification of the underlying database.
- Sensitive database information.
- SQL injection via `namespace` attribute.
- Compromise of data integrity and availability.
Operational Fix
Recommended remediation, mitigation, and detection steps
This SQL injection vulnerability impacts Liferay Portal and DXP installations, potentially allowing attackers to execute arbitrary SQL commands. The first practical step involves identifying all instances of the affected Liferay technology, determining their business criticality and external reachability, and then locating the accountable owners to plan remediation.
- Assign ownership to Liferay administrators.
- Verify external reachability and business criticality.
- Plan remediation with the vendor.