CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29052

The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.0%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2021-29052

Liferay » Dxp » Version: 7.3

cpe:2.3:a:liferay:dxp:7.3
Liferay » Liferay Portal » Version: 7.3.0

cpe:2.3:a:liferay:liferay_portal:7.3.0
Liferay » Liferay Portal » Version: 7.3.1

cpe:2.3:a:liferay:liferay_portal:7.3.1
Liferay » Liferay Portal » Version: 7.3.2

cpe:2.3:a:liferay:liferay_portal:7.3.2
Liferay » Liferay Portal » Version: 7.3.3

cpe:2.3:a:liferay:liferay_portal:7.3.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-29052

Products

Pricing

Contact Us