CVE-2021-33333

Published: Aug 3, 2021Modified: May 13, 2025

6.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.8 / Impact: 3.4

Source: NVD

Description

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.

Affected (88)

Products: Liferay: Digital Experience Platform, Liferay Portal

Liferay

2 products

Digital Experience Platform

Liferay Portal

Configuration A

88 vulnerable

Vulnerable Software	Affected Versions
Liferay Digital Experience Platform	Version 7.0
Liferay Digital Experience Platform	Version 7.0 fix_pack_13
Liferay Digital Experience Platform	Version 7.0 fix_pack_14
Liferay Digital Experience Platform	Version 7.0 fix_pack_24
Liferay Digital Experience Platform	Version 7.0 fix_pack_25
Liferay Digital Experience Platform	Version 7.0 fix_pack_26
Liferay Digital Experience Platform	Version 7.0 fix_pack_27
Liferay Digital Experience Platform	Version 7.0 fix_pack_28
Liferay Digital Experience Platform	Version 7.0 fix_pack_30
Liferay Digital Experience Platform	Version 7.0 fix_pack_33
Liferay Digital Experience Platform	Version 7.0 fix_pack_35
Liferay Digital Experience Platform	Version 7.0 fix_pack_36
Liferay Digital Experience Platform	Version 7.0 fix_pack_39
Liferay Digital Experience Platform	Version 7.0 fix_pack_3
Liferay Digital Experience Platform	Version 7.0 fix_pack_40
Liferay Digital Experience Platform	Version 7.0 fix_pack_41
Liferay Digital Experience Platform	Version 7.0 fix_pack_42
Liferay Digital Experience Platform	Version 7.0 fix_pack_43
Liferay Digital Experience Platform	Version 7.0 fix_pack_44
Liferay Digital Experience Platform	Version 7.0 fix_pack_45
Liferay Digital Experience Platform	Version 7.0 fix_pack_46
Liferay Digital Experience Platform	Version 7.0 fix_pack_47
Liferay Digital Experience Platform	Version 7.0 fix_pack_48
Liferay Digital Experience Platform	Version 7.0 fix_pack_49
Liferay Digital Experience Platform	Version 7.0 fix_pack_50
Liferay Digital Experience Platform	Version 7.0 fix_pack_51
Liferay Digital Experience Platform	Version 7.0 fix_pack_52
Liferay Digital Experience Platform	Version 7.0 fix_pack_53
Liferay Digital Experience Platform	Version 7.0 fix_pack_54
Liferay Digital Experience Platform	Version 7.0 fix_pack_56
Liferay Digital Experience Platform	Version 7.0 fix_pack_57
Liferay Digital Experience Platform	Version 7.0 fix_pack_58
Liferay Digital Experience Platform	Version 7.0 fix_pack_59
Liferay Digital Experience Platform	Version 7.0 fix_pack_60
Liferay Digital Experience Platform	Version 7.0 fix_pack_61
Liferay Digital Experience Platform	Version 7.0 fix_pack_64
Liferay Digital Experience Platform	Version 7.0 fix_pack_65
Liferay Digital Experience Platform	Version 7.0 fix_pack_66
Liferay Digital Experience Platform	Version 7.0 fix_pack_67
Liferay Digital Experience Platform	Version 7.0 fix_pack_68
Liferay Digital Experience Platform	Version 7.0 fix_pack_69
Liferay Digital Experience Platform	Version 7.0 fix_pack_70
Liferay Digital Experience Platform	Version 7.0 fix_pack_71
Liferay Digital Experience Platform	Version 7.0 fix_pack_72
Liferay Digital Experience Platform	Version 7.0 fix_pack_73
Liferay Digital Experience Platform	Version 7.0 fix_pack_75
Liferay Digital Experience Platform	Version 7.0 fix_pack_76
Liferay Digital Experience Platform	Version 7.0 fix_pack_78
Liferay Digital Experience Platform	Version 7.0 fix_pack_79
Liferay Digital Experience Platform	Version 7.0 fix_pack_80
Liferay Digital Experience Platform	Version 7.0 fix_pack_81
Liferay Digital Experience Platform	Version 7.0 fix_pack_82
Liferay Digital Experience Platform	Version 7.0 fix_pack_83
Liferay Digital Experience Platform	Version 7.0 fix_pack_84
Liferay Digital Experience Platform	Version 7.0 fix_pack_85
Liferay Digital Experience Platform	Version 7.0 fix_pack_86
Liferay Digital Experience Platform	Version 7.0 fix_pack_87
Liferay Digital Experience Platform	Version 7.0 fix_pack_88
Liferay Digital Experience Platform	Version 7.0 fix_pack_89
Liferay Digital Experience Platform	Version 7.0 fix_pack_90
Liferay Digital Experience Platform	Version 7.0 fix_pack_91
Liferay Digital Experience Platform	Version 7.0 fix_pack_92
Liferay Digital Experience Platform	Version 7.1
Liferay Digital Experience Platform	Version 7.1 fix_pack_10
Liferay Digital Experience Platform	Version 7.1 fix_pack_11
Liferay Digital Experience Platform	Version 7.1 fix_pack_12
Liferay Digital Experience Platform	Version 7.1 fix_pack_13
Liferay Digital Experience Platform	Version 7.1 fix_pack_14
Liferay Digital Experience Platform	Version 7.1 fix_pack_15
Liferay Digital Experience Platform	Version 7.1 fix_pack_16
Liferay Digital Experience Platform	Version 7.1 fix_pack_17
Liferay Digital Experience Platform	Version 7.1 fix_pack_18
Liferay Digital Experience Platform	Version 7.1 fix_pack_1
Liferay Digital Experience Platform	Version 7.1 fix_pack_2
Liferay Digital Experience Platform	Version 7.1 fix_pack_3
Liferay Digital Experience Platform	Version 7.1 fix_pack_4
Liferay Digital Experience Platform	Version 7.1 fix_pack_5
Liferay Digital Experience Platform	Version 7.1 fix_pack_6
Liferay Digital Experience Platform	Version 7.1 fix_pack_7
Liferay Digital Experience Platform	Version 7.1 fix_pack_8
Liferay Digital Experience Platform	Version 7.1 fix_pack_9
Liferay Digital Experience Platform	Version 7.2
Liferay Digital Experience Platform	Version 7.2 fix_pack_1
Liferay Digital Experience Platform	Version 7.2 fix_pack_2
Liferay Digital Experience Platform	Version 7.2 fix_pack_3
Liferay Digital Experience Platform	Version 7.2 fix_pack_4
Liferay Digital Experience Platform	Version 7.2 fix_pack_5
Liferay Liferay Portal	Before 7.3.3