PT-2021-20104 · Liferay · Liferay Portal

Published: 2021-08-03 · Updated: 2022-05-24 · CVE-2021-33323

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.1.0 through 7.3.2
Liferay DXP versions 7.1 before fix pack 19
Liferay DXP versions 7.2 before fix pack 7

Description

The Dynamic Data Mapping module autosaves form values for unauthenticated users, allowing remote attackers to view these autosaved values by accessing the form as an unauthenticated user.

Recommendations

For Liferay Portal versions 7.1.0 through 7.3.2, update to a version that includes the necessary security fixes.
For Liferay DXP version 7.1, apply fix pack 19 or later.
For Liferay DXP version 7.2, apply fix pack 7 or later.
As a temporary workaround, consider disabling the Dynamic Data Mapping module until a patch is available.

Fix

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

CVE-2021-33323
GHSA-FXPF-JR2Q-VPVV

Affected Products

Dynamic Data Mapping
Liferay DXP
Liferay Portal