Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
WordPress Plugin Login as User or Customer Privilege Escalation (3.2)
ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)
Oracle Database Server CVE-2012-0082 Vulnerability (CVE-2012-0082)
Atlassian Jira CVE-2019-20404 Vulnerability (CVE-2019-20404)