3 matches found
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization via the OrganizationItemSelectorViewDisplayContext class. An attacker can list organizations by sending crafted requests as an authenticated user. Remediation: Upgrade...
CVE-2025-43788
The CVE-2025-43788 entry affects Liferay Portal 7.4.0–7.4.3.124 and Liferay DXP 2024.Q1.1–2024.Q1.12 and 7.4 update 81–85. The root cause is that the organization selector does not enforce user permissions, allowing remote authenticated users to obtain a list of all organizations. Practical impac...
PT-2023-24782
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.81 through 7.4.3.85; Liferay DXP 7.4 update 81 through 85. Description: The organization selector does not check user permission, allowing remote authenticated users to obtain a list of all organizations...