Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay DXP Incorrect Default Permissions Vulnerability - CVE-2021-38268 - Vulnerability Database
Liferay DXP

Liferay DXP Incorrect Default Permissions Vulnerability - CVE-2021-38268

Medium
Reference: CVE-2021-38268
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-38268
Title: Liferay DXP Incorrect Default Permissions Vulnerability
Overview:

The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members allowing authenticated attackers to add and duplicate forms via the UI or the API.