Description
A bug in Liferay Portal CE 7.1 CE allows any authenticated user to change the password of another user, including an administrator. Once a user has access to an administrator account, a full system compromise is possible.
Severity
Severity 1
Fixed Version(s)
Publication date: Thu, 31 Jan 2019 01:13:00 +0000