Description
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5, do not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.