Description
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal and Liferay DXP allows local users to view user email address in the log files.
Severity
4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)
Affected Version(s)
- Liferay Portal 7.0.0 through 7.4.3.97
- Liferay DXP 2023.Q3.1 through 2023.Q3.4
- Liferay DXP 7.4
- Liferay DXP 7.3 GA through U35
- And older unsupported versions
Fixed Version(s)
- Liferay Portal 7.4.3.98
- Liferay DXP 2024.Q1.1
- Liferay DXP 2023.Q4.0
- Liferay DXP 2023.Q3.5
- Liferay DXP 7.3 U36
Publication date: Mon, 27 Oct 2025 08:35:00 +0000