Description

Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.

Remediation

References

CVE-2021-38266

Related Vulnerabilities

Python Other Vulnerability (CVE-2016-3189)

Joomla! Core 3.x.x Open Redirect (3.0.0 - 3.9.20)

WordPress Plugin Import any XML or CSV File to WordPress Cross-Site Scripting (3.4.6)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2015-7581)

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37063)

Severity

High

Classification

CVE-2021-38266 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities