Description

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Remediation

References

CVE-2021-33333

Related Vulnerabilities

WordPress Plugin Google Analytics Dashboard Multiple Unspecified Vulnerabilities (2.0.5)

WordPress Plugin WP Product Review Lite Cross-Site Scripting (3.7.5)

WordPress Plugin Quiz Maker SQL Injection (6.5.8.3)

Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271)

WordPress Plugin WP Rollback Multiple Vulnerabilities (1.2.2)

Severity

Medium

Classification

CVE-2021-33333 CWE-276 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Known Vulnerabilities