The Portal Security module in Liferay Portal 7.2.1 and previous versions, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote malicious users to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay liferay portal |
||
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.0 |