Description

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Remediation

References

CVE-2021-33333

Related Vulnerabilities

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4921)

Dolibarr Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-25957)

MySQL CVE-2018-2759 Vulnerability (CVE-2018-2759)

MySQL CVE-2018-2645 Vulnerability (CVE-2018-2645)

WordPress Plugin Photo Gallery by Supsystic Multiple Vulnerabilities (1.8.5)

Severity

Medium

Classification

CVE-2021-33333 CWE-276

Tags

Missing Update Known Vulnerabilities