CVE-2021-33320
Description
The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site administrator with emails
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.392
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-33322,CVE-2021-33326,CVE-2021-33320 are fixed in Liferay - release.dxp.bom 7.0.10 | Windows |
| Vulnerabilities CVE-2023-47798,CVE-2021-33322,CVE-2021-33320,CVE-2021-33324,CVE-2020-15842 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom 7.1.10 | Windows |
| Vulnerabilities CVE-2021-33320 are fixed in Liferay - com.liferay.flags.taglib 5.0.11 | Windows |
| Vulnerabilities CVE-2021-33322,CVE-2021-33326,CVE-2021-33320 are fixed in Liferay - release.dxp.bom for Linux 7.0.10 | Linux |
| Vulnerabilities CVE-2023-47798,CVE-2021-33322,CVE-2021-33320,CVE-2021-33324,CVE-2020-15842 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Multiple vulnerabilities are fixed in Liferay - release.dxp.bom for Linux 7.1.10 | Linux |
| Vulnerabilities CVE-2021-33320 are fixed in Liferay - com.liferay.flags.taglib for Linux 5.0.11 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234