Maven package
com.liferay/com.liferay.portal.security.ldap.impl
pkg:maven/com.liferay/com.liferay.portal.security.ldap.impl
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62262 | — | >= 4.0.2, < 4.0.54 | 4.0.54 | Oct 27, 2025 | Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions all | ||
| CVE-2021-38266 | — | < 2.0.19 | 2.0.19 | Mar 2, 2022 | The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by at |
- CVE-2025-62262Oct 27, 2025affected >= 4.0.2, < 4.0.54fixed 4.0.54
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions all
- CVE-2021-38266Mar 2, 2022affected < 2.0.19fixed 2.0.19
The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and 7.2 before fix pack 5 does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating by at