CVE-2021-38266

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 03-03-2022 12:15

Last modified: - 13-05-2022 06:02

Total changes: - 5

Description

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=liferay AND product=liferay_portal AND software_edition=community AND versionEndIncluding=7.2.1

vendor=liferay AND product=digital_experience_platform AND version=7.2 AND update=-

vendor=liferay AND product=digital_experience_platform AND version=7.2 AND update=fix_pack_1

vendor=liferay AND product=digital_experience_platform AND version=7.2 AND update=fix_pack_2

vendor=liferay AND product=digital_experience_platform AND version=7.2 AND update=fix_pack_3

vendor=liferay AND product=digital_experience_platform AND version=7.2 AND update=fix_pack_4

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_6

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_9

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_10

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_11

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_12

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=-

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_1

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_2

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_3

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_4

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_5

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_6

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_7

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=-

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_1

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_13

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_14

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_15

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_16

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_2

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_3

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_4

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_5

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_7

vendor=liferay AND product=digital_experience_platform AND version=7.1 AND update=fix_pack_8

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_10

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_11

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_12

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_13

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_14

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_15

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_16

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_17

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_18

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_19

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_20

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_21

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_22

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_23

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_24

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_25

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_26

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_27

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_28

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_29

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_30

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_31

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_32

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_33

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_34

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_35

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_36

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_37

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_38

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_39

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_40

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_41

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_42

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_43

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_44

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_45

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_46

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_47

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_8

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_9

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_48

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_49

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_50

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_51

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_52

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_53

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_54

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_55

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_56

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_57

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_58

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_59

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_60

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_61

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_62

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_63

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_64

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_65

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_66

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_67

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_68

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_69

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_70

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_71

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_72

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_73

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_74

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_75

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_76

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_77

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_78

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_79

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_80

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_81

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_82

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_83

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_84

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_85

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_86

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_87

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_88

vendor=liferay AND product=digital_experience_platform AND version=7.0 AND update=fix_pack_89

Reference

Keywords

CVE-2021-38266

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-38266

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures