Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027)
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)
phpMyFAQ Insufficient Session Expiration Vulnerability (CVE-2023-5865)
WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-33359)