CVE-2021-33334

MEDIUM Year: 2021
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-276
View all →

Vulnerability Description

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to view all forms and form entries in a site via the forms section in site administration.

Related Vulnerabilities

CVE-2012-1157

MEDIUM
CVSS:4.3(Medium)

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default

CWE-2762012

CVE-2013-4764

MEDIUM
CVSS:4.3(Medium)

Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.

CWE-2762013

CVE-2017-9505

MEDIUM
CVSS:4.3(Medium)

Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Conflu...

CWE-2762017

CVE-2019-10465

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Deploy WebLogic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials, or determine wh...

CWE-2762019

CVE-2019-10473

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Libvirt Slaves Plugin in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.

CWE-2762019

CVE-2019-10474

MEDIUM
CVSS:4.3(Medium)

A missing permission check in Jenkins Global Post Script Plugin in allowed users with Overall/Read access to list the scripts available to the plugin stored on the Jenkins master file system.

CWE-2762019