Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709)
Zikula Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2293)
MySQL CVE-2014-6520 Vulnerability (CVE-2014-6520)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3387)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)