Issue
How can I mitigate vulnerability CVE-2022-41853 regarding Liferay DXP?
Environment
- Liferay Portal 6.2 EE
- Liferay DXP 7.0
- Liferay DXP 7.1
- Liferay DXP 7.2
- Liferay DXP 7.3
Resolution
- CVE-2022-41853 : This vulnerability has been fully fixed with the following LPS-165641
Additional Information
- If the hotfix is required for these concerns, please create a support ticket requesting the hotfix by attaching the patch details.
- Installing Fix Packs and Hotfixes on Liferay DXP will guide you to install the Fixpack/Hotfix in your environment.
- To validate hotfix application and HSQL version:
-
- Access to {Liferay_Home}/tomcat/lib/ext do a search for hsql.jar.
- Unzip hsql.jar, access the /META-INF folder and open the MANIFEST.MF file
- Check that the library version is: Implementation-Version: 2.7.1
-