Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-3136

All users have access to the Company JSON service

    Details

      Description

      All users have access to the Company JSON service and can access the getCompanyBy*() and updateCompany() methods regardless of permission.

      Note: This issue does not affect 5.1 EE, however, the additional security measures have also been added to 5.1 EE to prevent any similar, potential security issues in 5.1 EE.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              paul.piao Paul Piao (Inactive)
              Reporter:
              brian.chan Brian Chan
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Packages

                  Version Package
                  5.1 EE SP6 (5.1.9)
                  5.2 EE SP5 (5.2.9)
                  6.0 EE (6.0.10)