Sahil Mehra

#51033 of 53,635
4.3 Total CVSS
Vulnerabilities · 1
PT-2024-20784
4.3
2024-02-20
Liferay · Liferay Portal · CVE-2024-25150
**Name of the Vulnerable Software and Affected Versions**

- Liferay Portal versions 7.2.0 through 7.4.2
- Liferay DXP 7.3 before update 4
- Liferay DXP 7.2 before fix pack 19

**Description**

The issue allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names. This is an information disclosure vulnerability in the Control Panel.

**Recommendations**

- For Liferay Portal versions 7.2.0 through 7.4.2, update to a version outside of this range to resolve the issue.
- For Liferay DXP 7.3, apply update 4 or later.
- For Liferay DXP 7.2, apply fix pack 19 or later.

As a temporary workaround, consider restricting access to the Control Panel to minimize the risk of exploitation.