Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.
CPE | Name | Operator | Version |
---|---|---|---|
dxp | eq | 7.2 fixpack2 | |
dxp | eq | 7.2 fixpack3 | |
dxp | eq | 7.2 fixpack4 | |
dxp | eq | 7.2 fixpack5 | |
dxp | eq | 7.2 fixpack1 | |
dxp | eq | 7.1 fixpack6 | |
dxp | eq | 7.1 fixpack7 | |
dxp | eq | 7.1 fixpack8 | |
dxp | eq | 7.1 fixpack9 | |
dxp | eq | 7.1 fixpack10 |