Количество 2
Количество 2
CVE-2021-38266
The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.
GHSA-jp3m-vh3g-6ggp
Liferay Portal and Liferay DXP fails to properly import users from LDAP
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-38266 The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP. | CVSS3: 7.5 | 2% Низкий | почти 4 года назад |
| GHSA-jp3m-vh3g-6ggp Liferay Portal and Liferay DXP fails to properly import users from LDAP | CVSS3: 7.5 | 2% Низкий | почти 4 года назад |
Уязвимостей на страницу