Lucene search

MitreCVE-2021-38266

HistoryMar 02, 2022 - 11:15 p.m.

CVE-2021-38266

2022-03-0223:15:08

mitre

web.nvd.nist.gov

cve-2021-38266

liferay portal

ldap

security vulnerability

user authentication

remote attackers

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

72.0%

JSON

The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exist in LDAP.

Affected configurations

Nvd

Node

liferayliferay_portalRange≤7.2.1community

Node

liferaydigital_experience_platformMatch7.0-

liferaydigital_experience_platformMatch7.0fix_pack_1

liferaydigital_experience_platformMatch7.0fix_pack_10

liferaydigital_experience_platformMatch7.0fix_pack_11

liferaydigital_experience_platformMatch7.0fix_pack_12

liferaydigital_experience_platformMatch7.0fix_pack_13

liferaydigital_experience_platformMatch7.0fix_pack_14

liferaydigital_experience_platformMatch7.0fix_pack_15

liferaydigital_experience_platformMatch7.0fix_pack_16

liferaydigital_experience_platformMatch7.0fix_pack_17

liferaydigital_experience_platformMatch7.0fix_pack_18

liferaydigital_experience_platformMatch7.0fix_pack_19

liferaydigital_experience_platformMatch7.0fix_pack_2

liferaydigital_experience_platformMatch7.0fix_pack_20

liferaydigital_experience_platformMatch7.0fix_pack_21

liferaydigital_experience_platformMatch7.0fix_pack_22

liferaydigital_experience_platformMatch7.0fix_pack_23

liferaydigital_experience_platformMatch7.0fix_pack_24

liferaydigital_experience_platformMatch7.0fix_pack_25

liferaydigital_experience_platformMatch7.0fix_pack_26

liferaydigital_experience_platformMatch7.0fix_pack_27

liferaydigital_experience_platformMatch7.0fix_pack_28

liferaydigital_experience_platformMatch7.0fix_pack_29

liferaydigital_experience_platformMatch7.0fix_pack_3

liferaydigital_experience_platformMatch7.0fix_pack_30

liferaydigital_experience_platformMatch7.0fix_pack_31

liferaydigital_experience_platformMatch7.0fix_pack_32

liferaydigital_experience_platformMatch7.0fix_pack_33

liferaydigital_experience_platformMatch7.0fix_pack_34

liferaydigital_experience_platformMatch7.0fix_pack_35

liferaydigital_experience_platformMatch7.0fix_pack_36

liferaydigital_experience_platformMatch7.0fix_pack_37

liferaydigital_experience_platformMatch7.0fix_pack_38

liferaydigital_experience_platformMatch7.0fix_pack_39

liferaydigital_experience_platformMatch7.0fix_pack_4

liferaydigital_experience_platformMatch7.0fix_pack_40

liferaydigital_experience_platformMatch7.0fix_pack_41

liferaydigital_experience_platformMatch7.0fix_pack_42

liferaydigital_experience_platformMatch7.0fix_pack_43

liferaydigital_experience_platformMatch7.0fix_pack_44

liferaydigital_experience_platformMatch7.0fix_pack_45

liferaydigital_experience_platformMatch7.0fix_pack_46

liferaydigital_experience_platformMatch7.0fix_pack_47

liferaydigital_experience_platformMatch7.0fix_pack_48

liferaydigital_experience_platformMatch7.0fix_pack_49

liferaydigital_experience_platformMatch7.0fix_pack_5

liferaydigital_experience_platformMatch7.0fix_pack_50

liferaydigital_experience_platformMatch7.0fix_pack_51

liferaydigital_experience_platformMatch7.0fix_pack_52

liferaydigital_experience_platformMatch7.0fix_pack_53

liferaydigital_experience_platformMatch7.0fix_pack_54

liferaydigital_experience_platformMatch7.0fix_pack_55

liferaydigital_experience_platformMatch7.0fix_pack_56

liferaydigital_experience_platformMatch7.0fix_pack_57

liferaydigital_experience_platformMatch7.0fix_pack_58

liferaydigital_experience_platformMatch7.0fix_pack_59

liferaydigital_experience_platformMatch7.0fix_pack_6

liferaydigital_experience_platformMatch7.0fix_pack_60

liferaydigital_experience_platformMatch7.0fix_pack_61

liferaydigital_experience_platformMatch7.0fix_pack_62

liferaydigital_experience_platformMatch7.0fix_pack_63

liferaydigital_experience_platformMatch7.0fix_pack_64

liferaydigital_experience_platformMatch7.0fix_pack_65

liferaydigital_experience_platformMatch7.0fix_pack_66

liferaydigital_experience_platformMatch7.0fix_pack_67

liferaydigital_experience_platformMatch7.0fix_pack_68

liferaydigital_experience_platformMatch7.0fix_pack_69

liferaydigital_experience_platformMatch7.0fix_pack_7

liferaydigital_experience_platformMatch7.0fix_pack_70

liferaydigital_experience_platformMatch7.0fix_pack_71

liferaydigital_experience_platformMatch7.0fix_pack_72

liferaydigital_experience_platformMatch7.0fix_pack_73

liferaydigital_experience_platformMatch7.0fix_pack_74

liferaydigital_experience_platformMatch7.0fix_pack_75

liferaydigital_experience_platformMatch7.0fix_pack_76

liferaydigital_experience_platformMatch7.0fix_pack_77

liferaydigital_experience_platformMatch7.0fix_pack_78

liferaydigital_experience_platformMatch7.0fix_pack_79

liferaydigital_experience_platformMatch7.0fix_pack_8

liferaydigital_experience_platformMatch7.0fix_pack_80

liferaydigital_experience_platformMatch7.0fix_pack_81

liferaydigital_experience_platformMatch7.0fix_pack_82

liferaydigital_experience_platformMatch7.0fix_pack_83

liferaydigital_experience_platformMatch7.0fix_pack_84

liferaydigital_experience_platformMatch7.0fix_pack_85

liferaydigital_experience_platformMatch7.0fix_pack_86

liferaydigital_experience_platformMatch7.0fix_pack_87

liferaydigital_experience_platformMatch7.0fix_pack_88

liferaydigital_experience_platformMatch7.0fix_pack_89

liferaydigital_experience_platformMatch7.0fix_pack_9

liferaydigital_experience_platformMatch7.1-

liferaydigital_experience_platformMatch7.1fix_pack_1

liferaydigital_experience_platformMatch7.1fix_pack_10

liferaydigital_experience_platformMatch7.1fix_pack_11

liferaydigital_experience_platformMatch7.1fix_pack_12

liferaydigital_experience_platformMatch7.1fix_pack_13

liferaydigital_experience_platformMatch7.1fix_pack_14

liferaydigital_experience_platformMatch7.1fix_pack_15

liferaydigital_experience_platformMatch7.1fix_pack_16

liferaydigital_experience_platformMatch7.1fix_pack_2

liferaydigital_experience_platformMatch7.1fix_pack_3

liferaydigital_experience_platformMatch7.1fix_pack_4

liferaydigital_experience_platformMatch7.1fix_pack_5

liferaydigital_experience_platformMatch7.1fix_pack_6

liferaydigital_experience_platformMatch7.1fix_pack_7

liferaydigital_experience_platformMatch7.1fix_pack_8

liferaydigital_experience_platformMatch7.1fix_pack_9

liferaydigital_experience_platformMatch7.2-

liferaydigital_experience_platformMatch7.2fix_pack_1

liferaydigital_experience_platformMatch7.2fix_pack_2

liferaydigital_experience_platformMatch7.2fix_pack_3

liferaydigital_experience_platformMatch7.2fix_pack_4

VendorProductVersionCPE
liferayliferay_portal*cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_1:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_10:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_11:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_12:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_15:*:*:*:*:*:*
liferaydigital_experience_platform7.0cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_16:*:*:*:*:*:*

Vendor	Product	Version	CPE
liferay	liferay_portal	*	cpe:2.3:a:liferay:liferay_portal:::::community:::*
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:-::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_1::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_10::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_11::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_12::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_15::::::
liferay	digital_experience_platform	7.0	cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_16::::::

Rows per page:

1-10 of 1131

References

liferay.com

issues.liferay.com/browse/LPE-17191

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2021-38266

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

72.0%

JSON

Related for CVE-2021-38266