Description
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.
Remediation
References
Related Vulnerabilities
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-3554)
phpMyFAQ Uncaught Exception Vulnerability (CVE-2023-0790)
Oracle Database Server CVE-2014-4245 Vulnerability (CVE-2014-4245)
WordPress Plugin Affiliates Manager Unspecified Vulnerability (2.7.7)
WordPress Plugin Genesis Simple Share Cross-Site Scripting (1.0.6)