CVE-2021-33327
Description
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permissions, which allows remote authenticated users to view the Guest and User roles even if Role Visibility is enabled.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.106
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - release.dxp.bom 7.0.10 | Windows |
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - release.dxp.bom 7.1.10 | Windows |
| Vulnerabilities CVE-2021-33327,CVE-2021-33331,CVE-2022-26596 are fixed in Liferay - release.dxp.bom 7.2.10 | Windows |
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - com.liferay.portlet.configuration.web 4.0.13 | Windows |
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - release.dxp.bom for Linux 7.0.10 | Linux |
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - release.dxp.bom for Linux 7.1.10 | Linux |
| Vulnerabilities CVE-2021-33327,CVE-2021-33331,CVE-2022-26596 are fixed in Liferay - release.dxp.bom for Linux 7.2.10 | Linux |
| Vulnerabilities CVE-2021-33327 are fixed in Liferay - com.liferay.portlet.configuration.web for Linux 4.0.13 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234