Vulnerabilities > CVE-2021-38266 - Unspecified vulnerability in Liferay Portal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

liferay

NVD

Published: 2022-03-02

Updated: 2022-05-13

Summary

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay Liferay Portal 6.0.0 Liferay Liferay Portal 6.0.5 Liferay Liferay Portal 6.0.6 Liferay Liferay Portal 6.1.0 Liferay Liferay Portal 6.1.1 Liferay Liferay Portal 6.1.2 Liferay Liferay Portal 6.2.0 Liferay Liferay Portal 6.2.1 Liferay Liferay Portal 6.2.2 Liferay Liferay Portal 6.2.3 Liferay Liferay Portal 6.2.4 Liferay Liferay Portal 6.2.5 Liferay Liferay Portal 7.0.0 Liferay Liferay Portal 7.0.1 Liferay Liferay Portal 7.0.2 Liferay Liferay Portal 7.0.3 Liferay Liferay Portal 7.0.3_Ga4 Liferay Liferay Portal 7.0.4 Liferay Liferay Portal 7.0.5 Liferay Liferay Portal 7.0.6 Liferay Liferay Portal 7.1 Liferay Liferay Portal 7.1.0 Liferay Liferay Portal 7.1.1 Liferay Liferay Portal 7.1.2 Liferay Liferay Portal 7.1.3 Liferay Liferay Portal 7.2 Liferay Liferay Portal 7.2.0 Liferay Liferay Portal 7.2.1 Liferay Digital Experience Platform 7.2 Liferay Digital Experience Platform 7.1 Liferay Digital Experience Platform 7.0	202

Summary

Vulnerable Configurations

References