CVE-2021-33327
First published: Tue Aug 03 2021(Updated: )
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is enabled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay DXP | =7.0-fix_pack_93 | |
| Liferay DXP | =7.0-fix_pack_94 | |
| Liferay DXP | =7.1-fix_pack_18 | |
| Liferay DXP | =7.2 | |
| Liferay DXP | =7.2-fix_pack_1 | |
| Liferay DXP | =7.2-fix_pack_2 | |
| Liferay DXP | =7.2-fix_pack_3 | |
| Liferay DXP | =7.2-fix_pack_4 | |
| Liferay DXP | =7.2-fix_pack_5 | |
| Liferay DXP | =7.2-fix_pack_6 | |
| Liferay DXP | =7.2-fix_pack_7 | |
| Liferay Liferay Portal | >=7.2.0<7.3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-33327?
CVE-2021-33327 is a vulnerability in the Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, which allows remote authenticated users to view the Guest and User role even if "Role Visibility" is disabled.
How severe is CVE-2021-33327?
CVE-2021-33327 has a severity score of 4.3, which is considered medium.
Which software versions are affected by CVE-2021-33327?
CVE-2021-33327 affects Liferay Portal versions 7.2.0 through 7.3.3, Liferay DXP versions 7.0 fix pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8.
How can I fix CVE-2021-33327?
To fix CVE-2021-33327, users are advised to apply the necessary patches or updates provided by Liferay for the affected software versions.
Where can I find more information about CVE-2021-33327?
You can find more information about CVE-2021-33327 at the following references: [Link 1](https://issues.liferay.com/browse/LPE-17075), [Link 2](https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747840)
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/liferay
- canonical/liferay dxp
- version/liferay dxp/7.0-fix_pack_93
- version/liferay dxp/7.0-fix_pack_94
- version/liferay dxp/7.1-fix_pack_18
- version/liferay dxp/7.2
- version/liferay dxp/7.2-fix_pack_1
- version/liferay dxp/7.2-fix_pack_2
- version/liferay dxp/7.2-fix_pack_3
- version/liferay dxp/7.2-fix_pack_4
- version/liferay dxp/7.2-fix_pack_5
- version/liferay dxp/7.2-fix_pack_6
- version/liferay dxp/7.2-fix_pack_7
- canonical/liferay liferay portal
- version/liferay liferay portal/7.2.0