Количество 2
Количество 2
CVE-2021-33334
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.
GHSA-g37f-j8hh-736f
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-33334 The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. | CVSS3: 4.3 | 0% Низкий | больше 4 лет назад |
| GHSA-g37f-j8hh-736f Liferay Portal and Liferay DXP Fails to Properly Check User Permissions | CVSS3: 4.3 | 0% Низкий | больше 3 лет назад |
Уязвимостей на страницу