CVE-2021-33323

EUVD-2021-20032
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
liferaydigital_experience_platform
7.1
liferaydigital_experience_platform
7.1:fix_pack_1
liferaydigital_experience_platform
7.1:fix_pack_10
liferaydigital_experience_platform
7.1:fix_pack_11
liferaydigital_experience_platform
7.1:fix_pack_12
liferaydigital_experience_platform
7.1:fix_pack_13
liferaydigital_experience_platform
7.1:fix_pack_14
liferaydigital_experience_platform
7.1:fix_pack_15
liferaydigital_experience_platform
7.1:fix_pack_16
liferaydigital_experience_platform
7.1:fix_pack_17
liferaydigital_experience_platform
7.1:fix_pack_18
liferaydigital_experience_platform
7.1:fix_pack_2
liferaydigital_experience_platform
7.1:fix_pack_3
liferaydigital_experience_platform
7.1:fix_pack_4
liferaydigital_experience_platform
7.1:fix_pack_5
liferaydigital_experience_platform
7.1:fix_pack_6
liferaydigital_experience_platform
7.1:fix_pack_7
liferaydigital_experience_platform
7.1:fix_pack_8
liferaydigital_experience_platform
7.1:fix_pack_9
liferaydigital_experience_platform
7.2
liferaydigital_experience_platform
7.2:fix_pack_1
liferaydigital_experience_platform
7.2:fix_pack_2
liferaydigital_experience_platform
7.2:fix_pack_3
liferaydigital_experience_platform
7.2:fix_pack_4
liferaydigital_experience_platform
7.2:fix_pack_5
liferaydigital_experience_platform
7.2:fix_pack_6
liferayliferay_portal
7.1.0 ≤
𝑥
< 7.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://issues.liferay.com/browse/LPE-17049
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107
https://issues.liferay.com/browse/LPE-17049
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107