Description

The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a site's page administration.

Remediation

References

CVE-2021-33324

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce SQL Injection (4.3.0)

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

WordPress Plugin GiveWP-Donation and Fundraising Platform Cross-Site Scripting (2.3.0)

Oracle JRE CVE-2014-2420 Vulnerability (CVE-2014-2420)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Multiple Vulnerabilities (1.5.3)

Severity

Medium

Classification

CVE-2021-33324 CWE-276 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities