BIT-liferay-2021-38266
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2021-38266.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-liferay-2021-38266
- Aliases
- Published
- 2024-01-31T15:22:00.200Z
- Modified
- 2025-07-14T21:29:52.454787Z
- Summary
- [none]
- Details
-
The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.
- Database specific
{ "severity": "High", "cpes": [ "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_10:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_11:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_12:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_15:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_16:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_17:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_18:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_19:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_20:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_21:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_22:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_23:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_29:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_31:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_32:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_34:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_37:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_38:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_55:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_62:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_63:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_74:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_77:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_83:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_84:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_85:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_86:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_87:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_88:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_89:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_8:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_9:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*" ] }- References
Affected packages
Bitnami / liferay
Package
- Name
- liferay
- Purl
- pkg:bitnami/liferay
Severity
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Affected ranges
- Type
- SEMVER
- Events
-
Introduced7.0.0Last affected7.0.0Introduced7.1.0Last affected7.1.0Introduced7.2.0Last affected7.2.0
- Type
- SEMVER
- Events
-
Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.0-fix.0Last affected7.0-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.1-fix.0Last affected7.1-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0Introduced7.2-fix.0Last affected7.2-fix.0