Liferay DXP Incorrect Default Permissions Vulnerability - CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3 and Liferay DXP 7.0 fix pack pack 93 and 94 7.1 fix pack 18 and 7.2 before fix pack 8 does not properly check user permission which allows remote authenticated users to view the Guest and User role even if quotRole Visibilityquot is enabled.