WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)

Description

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Remediation

References

Related Vulnerabilities

WordPress Plugin Visual Composer:Page Builder for WordPress Local File Inclusion (5.1)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0273)

WordPress Plugin WP ULike Cross-Site Scripting (3.1)

Plone CMS Resource Management Errors Vulnerability (CVE-2012-5496)

Elgg Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3733)

Severity

Medium

Classification

CVE-2021-33324 CWE-276 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities