Description
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5, do not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.