False Security Issue in FCKEditor and Liferay 6.x Reported as CVE-2018-10795

Recently, a security vulnerability was filed in Mitre under CVE-2018-10795 reporting an issue in FCKEditor and Liferay Portal 6.x versions.

Resolution

Liferay disputed this issue because file upload is an expected feature, subject to Role-Based Access Control checks where only authenticated users with proper permissions can upload files.

Liferay has also analyzed the report which does not contain steps to reproduce the vulnerability (to exploit it) so no other parties can prove there is such a vulnerability in the product.

Was this article helpful?
1 out of 1 found this helpful