Description
Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.
Remediation
References
Related Vulnerabilities
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2020-11027)
WordPress Plugin Real WYSIWYG 'insert_file.php' Arbitrary File Upload (0.0.2)
MediaWiki Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-40596)