Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10186)
WordPress Plugin Improved user search in backend Cross-Site Request Forgery (1.2.4)
WordPress Plugin DJ EmailPublish Cross-Site Scripting (1.7.2)
Oracle Database Server CVE-2007-2110 Vulnerability (CVE-2007-2110)
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943)