Liferay DXP Incorrect Default Permissions Vulnerability - CVE-2021-38268 - Vulnerability Database

Liferay DXP Incorrect Default Permissions Vulnerability - CVE-2021-38268

Medium
Reference: CVE-2021-38268
Title: Liferay DXP Incorrect Default Permissions Vulnerability
Overview:

The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members allowing authenticated attackers to add and duplicate forms via the UI or the API.