3 matches found
Information Disclosure
com.liferay:com.liferay.portal.security.audit.event.generators.user.management is vulnerable to Information Disclosure. The vulnerability is due to audit events recording users’ password reminder answers in audit logs, which allows remote authenticated users to retrieve those answers via the audi...
CVE-2021-29038
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows attackers to use man-in-the-middle or shoulder surfing attacks t...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...