CVE-2021-38266

Published: Mar 2, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.

Affected (113)

Products: Liferay: Liferay Portal, Digital Experience Platform

Liferay

2 products

Liferay Portal

Digital Experience Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Liferay Liferay Portal	Up to 7.2.1

Configuration B

112 vulnerable

Vulnerable Software	Affected Versions
Liferay Digital Experience Platform	Version 7.0
Liferay Digital Experience Platform	Version 7.0 fix_pack_10
Liferay Digital Experience Platform	Version 7.0 fix_pack_11
Liferay Digital Experience Platform	Version 7.0 fix_pack_12
Liferay Digital Experience Platform	Version 7.0 fix_pack_13
Liferay Digital Experience Platform	Version 7.0 fix_pack_14
Liferay Digital Experience Platform	Version 7.0 fix_pack_15
Liferay Digital Experience Platform	Version 7.0 fix_pack_16
Liferay Digital Experience Platform	Version 7.0 fix_pack_17
Liferay Digital Experience Platform	Version 7.0 fix_pack_18
Liferay Digital Experience Platform	Version 7.0 fix_pack_19
Liferay Digital Experience Platform	Version 7.0 fix_pack_1
Liferay Digital Experience Platform	Version 7.0 fix_pack_20
Liferay Digital Experience Platform	Version 7.0 fix_pack_21
Liferay Digital Experience Platform	Version 7.0 fix_pack_22
Liferay Digital Experience Platform	Version 7.0 fix_pack_23
Liferay Digital Experience Platform	Version 7.0 fix_pack_24
Liferay Digital Experience Platform	Version 7.0 fix_pack_25
Liferay Digital Experience Platform	Version 7.0 fix_pack_26
Liferay Digital Experience Platform	Version 7.0 fix_pack_27
Liferay Digital Experience Platform	Version 7.0 fix_pack_28
Liferay Digital Experience Platform	Version 7.0 fix_pack_29
Liferay Digital Experience Platform	Version 7.0 fix_pack_2
Liferay Digital Experience Platform	Version 7.0 fix_pack_30
Liferay Digital Experience Platform	Version 7.0 fix_pack_31
Liferay Digital Experience Platform	Version 7.0 fix_pack_32
Liferay Digital Experience Platform	Version 7.0 fix_pack_33
Liferay Digital Experience Platform	Version 7.0 fix_pack_34
Liferay Digital Experience Platform	Version 7.0 fix_pack_35
Liferay Digital Experience Platform	Version 7.0 fix_pack_36
Liferay Digital Experience Platform	Version 7.0 fix_pack_37
Liferay Digital Experience Platform	Version 7.0 fix_pack_38
Liferay Digital Experience Platform	Version 7.0 fix_pack_39
Liferay Digital Experience Platform	Version 7.0 fix_pack_3
Liferay Digital Experience Platform	Version 7.0 fix_pack_40
Liferay Digital Experience Platform	Version 7.0 fix_pack_41
Liferay Digital Experience Platform	Version 7.0 fix_pack_42
Liferay Digital Experience Platform	Version 7.0 fix_pack_43
Liferay Digital Experience Platform	Version 7.0 fix_pack_44
Liferay Digital Experience Platform	Version 7.0 fix_pack_45
Liferay Digital Experience Platform	Version 7.0 fix_pack_46
Liferay Digital Experience Platform	Version 7.0 fix_pack_47
Liferay Digital Experience Platform	Version 7.0 fix_pack_48
Liferay Digital Experience Platform	Version 7.0 fix_pack_49
Liferay Digital Experience Platform	Version 7.0 fix_pack_4
Liferay Digital Experience Platform	Version 7.0 fix_pack_50
Liferay Digital Experience Platform	Version 7.0 fix_pack_51
Liferay Digital Experience Platform	Version 7.0 fix_pack_52
Liferay Digital Experience Platform	Version 7.0 fix_pack_53
Liferay Digital Experience Platform	Version 7.0 fix_pack_54
Liferay Digital Experience Platform	Version 7.0 fix_pack_55
Liferay Digital Experience Platform	Version 7.0 fix_pack_56
Liferay Digital Experience Platform	Version 7.0 fix_pack_57
Liferay Digital Experience Platform	Version 7.0 fix_pack_58
Liferay Digital Experience Platform	Version 7.0 fix_pack_59
Liferay Digital Experience Platform	Version 7.0 fix_pack_5
Liferay Digital Experience Platform	Version 7.0 fix_pack_60
Liferay Digital Experience Platform	Version 7.0 fix_pack_61
Liferay Digital Experience Platform	Version 7.0 fix_pack_62
Liferay Digital Experience Platform	Version 7.0 fix_pack_63
Liferay Digital Experience Platform	Version 7.0 fix_pack_64
Liferay Digital Experience Platform	Version 7.0 fix_pack_65
Liferay Digital Experience Platform	Version 7.0 fix_pack_66
Liferay Digital Experience Platform	Version 7.0 fix_pack_67
Liferay Digital Experience Platform	Version 7.0 fix_pack_68
Liferay Digital Experience Platform	Version 7.0 fix_pack_69
Liferay Digital Experience Platform	Version 7.0 fix_pack_6
Liferay Digital Experience Platform	Version 7.0 fix_pack_70
Liferay Digital Experience Platform	Version 7.0 fix_pack_71
Liferay Digital Experience Platform	Version 7.0 fix_pack_72
Liferay Digital Experience Platform	Version 7.0 fix_pack_73
Liferay Digital Experience Platform	Version 7.0 fix_pack_74
Liferay Digital Experience Platform	Version 7.0 fix_pack_75
Liferay Digital Experience Platform	Version 7.0 fix_pack_76
Liferay Digital Experience Platform	Version 7.0 fix_pack_77
Liferay Digital Experience Platform	Version 7.0 fix_pack_78
Liferay Digital Experience Platform	Version 7.0 fix_pack_79
Liferay Digital Experience Platform	Version 7.0 fix_pack_7
Liferay Digital Experience Platform	Version 7.0 fix_pack_80
Liferay Digital Experience Platform	Version 7.0 fix_pack_81
Liferay Digital Experience Platform	Version 7.0 fix_pack_82
Liferay Digital Experience Platform	Version 7.0 fix_pack_83
Liferay Digital Experience Platform	Version 7.0 fix_pack_84
Liferay Digital Experience Platform	Version 7.0 fix_pack_85
Liferay Digital Experience Platform	Version 7.0 fix_pack_86
Liferay Digital Experience Platform	Version 7.0 fix_pack_87
Liferay Digital Experience Platform	Version 7.0 fix_pack_88
Liferay Digital Experience Platform	Version 7.0 fix_pack_89
Liferay Digital Experience Platform	Version 7.0 fix_pack_8
Liferay Digital Experience Platform	Version 7.0 fix_pack_9
Liferay Digital Experience Platform	Version 7.1
Liferay Digital Experience Platform	Version 7.1 fix_pack_10
Liferay Digital Experience Platform	Version 7.1 fix_pack_11
Liferay Digital Experience Platform	Version 7.1 fix_pack_12
Liferay Digital Experience Platform	Version 7.1 fix_pack_13
Liferay Digital Experience Platform	Version 7.1 fix_pack_14
Liferay Digital Experience Platform	Version 7.1 fix_pack_15
Liferay Digital Experience Platform	Version 7.1 fix_pack_16
Liferay Digital Experience Platform	Version 7.1 fix_pack_1
Liferay Digital Experience Platform	Version 7.1 fix_pack_2
Liferay Digital Experience Platform	Version 7.1 fix_pack_3
Liferay Digital Experience Platform	Version 7.1 fix_pack_4
Liferay Digital Experience Platform	Version 7.1 fix_pack_5
Liferay Digital Experience Platform	Version 7.1 fix_pack_6
Liferay Digital Experience Platform	Version 7.1 fix_pack_7
Liferay Digital Experience Platform	Version 7.1 fix_pack_8
Liferay Digital Experience Platform	Version 7.1 fix_pack_9
Liferay Digital Experience Platform	Version 7.2
Liferay Digital Experience Platform	Version 7.2 fix_pack_1
Liferay Digital Experience Platform	Version 7.2 fix_pack_2
Liferay Digital Experience Platform	Version 7.2 fix_pack_3
Liferay Digital Experience Platform	Version 7.2 fix_pack_4