Maven/Com.liferay/Com.liferay.portal.security.ldap.impl

Advisories for Maven/Com.liferay/Com.liferay.portal.security.ldap.impl package

2025

Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users to view user email address in the log files.

2022

Liferay Portal and Liferay DXP fails to properly import users from LDAP

Security LDAP Implementation before 2.0.16 from Liferay Portal through v7.2.1 and Liferay DXP through v7.2 does not correctly import users from LDAP, allowing remote attackers to prevent a legitimate user from authenticating by attempting to sign in as a user that exists in LDAP.