These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2020-7961 is a Liferay Portal deserialization of untrusted data vulnerability that CISA added to its Known Exploited Vulnerabilities catalog. The KEV record directs defenders to apply updates per vendor instructions, making patching and verification the immediate priority.
CVE-2016-6517 is a critical directory traversal vulnerability affecting Liferay 5.1.0. According to NVD, a remote attacker can use an encoded dot-dot sequence (%2E%2E) in the minifierBundleDir parameter to barebone.jsp, with unspecified impact. NVD assigns a CVSS 3.0 score of 9.8 and identifies CWE-22 (Path Traversal).
CVE-2010-5327 is a high-severity authenticated remote code execution issue in Liferay Portal. According to the NVD record, an attacker with valid credentials can abuse a crafted Velocity template to execute arbitrary shell commands. The vulnerable range is listed as Liferay Portal through 6.2.10. The NVD CVSS 3.0 vector rates this as network-exploitable with low attack complexity and high impact to confid [truncated]