CVE-2021-33334
Summary
| CVE | CVE-2021-33334 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-03 21:15:00 UTC |
| Updated | 2021-08-11 17:06:00 UTC |
| Description | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration. |
Risk And Classification
Problem Types: CWE-276
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Liferay | Dxp | 7.0 | - | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_24 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_25 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_26 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_27 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_28 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_30 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_33 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_35 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_36 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_39 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_3\+ | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_40 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_41 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_42 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_43 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_44 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_45 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_46 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_47 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_48 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_49 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_50 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_51 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_52 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_53 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_54 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_56 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_57 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_58 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_59 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_60 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_61 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_64 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_65 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_66 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_67 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_68 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_69 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_70 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_71 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_72 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_73 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_75 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_76 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_78 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_79 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_80 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_81 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_82 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_83 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_84 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_85 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_86 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_87 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_88 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_89 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_90 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_91 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_92 | All | All |
| Application | Liferay | Dxp | 7.0 | fix_pack_93 | All | All |
| Application | Liferay | Dxp | 7.1 | - | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_10 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_11 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_12 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_13 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_14 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_15 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_16 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_17 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_18 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_5 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_6 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_7 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_8 | All | All |
| Application | Liferay | Dxp | 7.1 | fix_pack_9 | All | All |
| Application | Liferay | Dxp | 7.2 | - | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_1 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_2 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_3 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_4 | All | All |
| Application | Liferay | Dxp | 7.2 | fix_pack_5 | All | All |
| Application | Liferay | Liferay Portal | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-33334 Unauthorized users can view forms and form entries | CONFIRM | portal.liferay.dev | |
| [LPE-17039] Unauthorized users can view forms and form entries - Liferay Issues | CONFIRM | issues.liferay.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.