PT-2021-20116 · Liferay · Liferay Portal+1

Published 2021-08-03 · Updated 2022-07-12 · CVE-2021-33335

CVSS v3.1 7.2 High

Vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.0.3 through 7.3.4
Liferay DXP versions 7.1 before fix pack 20
Liferay DXP versions 7.2 before fix pack 9

Description

A privilege escalation issue allows remote authenticated users with permission to update or edit users to take over a company administrator user account by editing the company administrator user.

Recommendations

For Liferay Portal versions 7.0.3 through 7.3.4, update to a version outside of this range to resolve the issue.
For Liferay DXP version 7.1, apply fix pack 20 or later to address the issue.
For Liferay DXP version 7.2, apply fix pack 9 or later to resolve the issue.

Fix

Weakness Enumeration

Incorrect Authorization
Improper Privilege Management

Related Identifiers

CVE-2021-33335
GHSA-5GH9-G62H-F35M

Affected Products

Liferay DXP
Liferay Portal