WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)

Description

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Remediation

References

Related Vulnerabilities

MySQL CVE-2004-0957 Vulnerability (CVE-2004-0957)

IBM WebSEAL Improper Authentication Vulnerability (CVE-2018-1443)

WordPress Plugin Slimstat Analytics Cross-Site Scripting (5.0.8)

WordPress Plugin Autoptimize Cross-Site Scripting (2.8.3)

WordPress Plugin Galleries by Angie Makes Cross-Site Scripting (1.67)

Severity

Medium

Classification

CVE-2021-33324 CWE-276 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities