CVE-2021-38266

Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.

Original Article

Leave a Reply

Your email address will not be published. Required fields are marked *