CVE-2021-38266

EPSS 1.85%
Veröffentlicht 02.03.2022 23:15:08
Zuletzt bearbeitet 21.11.2024 06:16:42
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Liferay Portal SwEditioncommunity Version <= 7.2.1

Liferay ≫ Digital Experience Platform Version7.0 Update-

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_10

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_11

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_12

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_15

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_16

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_17

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_18

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_19

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_20

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_21

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_22

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_23

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_24

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_25

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_26

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_27

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_28

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_29

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_30

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_31

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_32

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_33

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_34

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_35

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_36

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_37

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_38

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_39

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_40

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_41

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_42

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_43

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_44

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_45

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_46

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_47

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_48

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_49

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_50

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_51

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_52

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_53

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_54

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_55

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_56

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_57

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_58

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_59

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_60

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_61

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_62

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_63

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_64

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_65

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_66

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_67

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_68

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_69

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_7

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_70

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_71

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_72

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_73

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_74

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_75

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_76

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_77

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_78

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_79

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_8

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_80

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_81

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_82

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_83

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_84

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_85

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_86

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_87

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_88

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_89

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_9

Liferay ≫ Digital Experience Platform Version7.1 Update-

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_10

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_11

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_12

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_15

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_16

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_7

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_8

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_9

Liferay ≫ Digital Experience Platform Version7.2 Update-

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.85%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

http://liferay.com

Vendor Advisory

https://issues.liferay.com/browse/LPE-17191

Vendor Advisory

Issue Tracking

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38266

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-38266

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38266

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38266

EUVD