Количество 2
Количество 2
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
GHSA-pr7v-qv65-rp9m
Liferay Portal and Liferay DXP Fails to Check Permissions
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-29052 The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| GHSA-pr7v-qv65-rp9m Liferay Portal and Liferay DXP Fails to Check Permissions | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу