The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
2023-08-02T10:15:09.887
2024-11-21T08:17:14.497
Modified
CVSSv3.1: 4.3 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | liferay | digital_experience_platform | 7.4 | Yes |
| Application | liferay | digital_experience_platform | 7.4 | Yes |
| Application | liferay | digital_experience_platform | 7.4 | Yes |
| Application | liferay | digital_experience_platform | 7.4 | Yes |
| Application | liferay | digital_experience_platform | 7.4 | Yes |
| Application | liferay | liferay_portal | ≤ 7.4.3.85 | Yes |