Improper Access Control
liferay-portal is vulnerable to an Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...