Can Liferay be affected by the IceApple framework?

Issue

  • CrowdStrike’s Falcon Overwatch has discovered a malicious framework that targets Microsoft  Exchange servers but it can also run under IIS web applications. It can let attackers discover relevant machines on networks, steal credentials, delete files & directories, and exfiltrate valuable data.
  • Does Liferay use any of these servers or web applications that can be vulnerable to it?

Environment

  • Liferay DXP 7.0+

Resolution

  • As Liferay doesn't use Microsoft Exchange or IIS web servers, it is not vulnerable to this exploit
  • We also don't use any Microsoft technologies in the GCP (Google Cloud Platform) backend either, so LXC environments are safe as well

Additional Information

这篇文章有帮助吗?
0 人中有 0 人觉得有帮助