Can Liferay be affected by the IceApple framework?


  • CrowdStrike’s Falcon Overwatch has discovered a malicious framework that targets Microsoft  Exchange servers but it can also run under IIS web applications. It can let attackers discover relevant machines on networks, steal credentials, delete files & directories, and exfiltrate valuable data.
  • Does Liferay use any of these servers or web applications that can be vulnerable to it?


  • Liferay DXP 7.0+


  • As Liferay doesn't use Microsoft Exchange or IIS web servers, it is not vulnerable to this exploit
  • We also don't use any Microsoft technologies in the GCP (Google Cloud Platform) backend either, so LXC environments are safe as well

Additional Information

0 人中有 0 人觉得有帮助