Description

Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.

Remediation

References

CVE-2021-38266

Related Vulnerabilities

MySQL CVE-2016-8284 Vulnerability (CVE-2016-8284)

PHP Other Vulnerability (CVE-2007-1378)

IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281)

Apache HTTP Server Cryptographic Issues Vulnerability (CVE-2016-0736)

WordPress Plugin Mass Pages/Posts Creator Cross-Site Scripting (1.2.2)

Severity

High

Classification

CVE-2021-38266 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities