← Back

CVE-2021-33327

nvd nist
Published: Aug 3, 2021Modified: May 13, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.

Affected (12)

Liferay
2 products
Digital Experience Platform
Liferay Portal
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Digital Experience Platform
Version 7.0 fix_pack_93
Digital Experience Platform
Version 7.0 fix_pack_94
Digital Experience Platform
Version 7.1 fix_pack_18
Digital Experience Platform
Version 7.2
Digital Experience Platform
Version 7.2 fix_pack_1
Digital Experience Platform
Version 7.2 fix_pack_2
Digital Experience Platform
Version 7.2 fix_pack_3
Digital Experience Platform
Version 7.2 fix_pack_4
Digital Experience Platform
Version 7.2 fix_pack_5
Digital Experience Platform
Version 7.2 fix_pack_6
Digital Experience Platform
Version 7.2 fix_pack_7
Liferay Portal
From 7.2.0 to 7.3.4

Related CWEs

CWE-276
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory

Timeline

No history available yet.