Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2005-0244)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4191)
MySQL CVE-2017-10276 Vulnerability (CVE-2017-10276)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2531)