CVE-2021-33324
Description
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a sites page administration.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.121
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-47798,CVE-2021-33322,CVE-2021-33320,CVE-2021-33324,CVE-2020-15842 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Vulnerabilities CVE-2021-33324 are fixed in Liferay - release.dxp.bom 7.1.10 | Windows |
| Vulnerabilities CVE-2021-33324 are fixed in Liferay - release.portal.bom 7.3.2 | Windows |
| Vulnerabilities CVE-2023-47798,CVE-2021-33322,CVE-2021-33320,CVE-2021-33324,CVE-2020-15842 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Vulnerabilities CVE-2021-33324 are fixed in Liferay - release.dxp.bom for Linux 7.1.10 | Linux |
| Vulnerabilities CVE-2021-33324 are fixed in Liferay - release.portal.bom for Linux 7.3.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234