PT-2021-20101 · Liferay · Liferay Portal, Liferay DXP
Published: 2021-08-03 · Updated: 2025-05-13 · CVE-2021-33320
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions 7.3.1 and earlier
Liferay DXP 7.0 before fix pack 96
Liferay DXP 7.1 before fix pack 20
Liferay DXP 7.2 before fix pack 5
Description
The Flags module does not limit the rate at which content can be flagged as inappropriate. This allows remote authenticated users to spam the site administrator with emails.
Recommendations
For Liferay Portal versions 7.3.1 and earlier, update to a version later than 7.3.1.
For Liferay DXP 7.0 before fix pack 96, apply fix pack 96 or later.
For Liferay DXP 7.1 before fix pack 20, apply fix pack 20 or later.
For Liferay DXP 7.2 before fix pack 5, apply fix pack 5 or later.
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Liferay DXP
Liferay Portal