WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33325)

Description

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.

Remediation

References

Related Vulnerabilities

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Multiple Cross-Site Scripting Vulnerabilities (1.16.8)

WordPress Plugin Customer Reviews for WooCommerce Multiple Vulnerabilities (5.3.5)

Apache HTTP Server Other Vulnerability (CVE-2002-0061)

WordPress Plugin Verve Meta Boxes TimThumb Arbitrary File Upload (1.2.8)

WordPress Plugin Intuitive Custom Post Order Multiple Vulnerabilities (3.1.3)

Severity

Medium

Classification

CVE-2021-33325 CWE-312 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities