{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-08-03T18:19:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.liferay.com/browse/LPE-17049"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-33323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107", "refsource": "CONFIRM", "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107"}, {"name": "https://issues.liferay.com/browse/LPE-17049", "refsource": "CONFIRM", "url": "https://issues.liferay.com/browse/LPE-17049"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:50:41.443Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.liferay.com/browse/LPE-17049"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-33323", "datePublished": "2021-08-03T18:19:24", "dateReserved": "2021-05-20T00:00:00", "dateUpdated": "2024-08-03T23:50:41.443Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:dxp:7.1:-:*:*:*:*:*:*", "matchCriteriaId": "C2AA7E18-A41B-4F0D-A04F-57C5745D091B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "392B783D-620D-4C71-AAA0-848B16964A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:*:*:*:*:*:*", "matchCriteriaId": "4F5A94E2-22B7-4D2D-A491-29F395E727C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:*:*:*:*:*:*", "matchCriteriaId": "E9B10908-C42B-4763-9D47-236506B0E84A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:*:*:*:*:*:*", "matchCriteriaId": "CF544435-36AC-49B8-BA50-A6B6D1678BBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:*:*:*:*:*:*", "matchCriteriaId": "9D265542-5333-4CCD-90E5-B5F6A55F9863", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:*:*:*:*:*:*", "matchCriteriaId": "1763CD8B-3ACD-4617-A1CA-B9F77A074977", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:*:*:*:*:*:*", "matchCriteriaId": "F25C66AA-B60D-413C-A848-51E12D6080AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:*:*:*:*:*:*", "matchCriteriaId": "071A0D53-EC95-4B18-9FA3-55208B1F7B94", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:*:*:*:*:*:*", "matchCriteriaId": "CC26A9D4-14D6-46B1-BB00-A2C4386EBCA4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:*:*:*:*:*:*", "matchCriteriaId": "350CDEDA-9A20-4BC3-BEAE-8346CED10CD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "3233D306-3F8E-40A4-B132-7264E63DD131", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "9EAEA45A-0370-475E-B4CB-395A434DC3A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "39310F05-1DB6-43BA-811C-9CB91D6DCF20", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "D6135B16-C89E-4F49-BA15-823E2AF26D68", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "CC887BEC-915B-44AC-B473-5448B3D8DCF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "D7A7CC60-C294-41EC-B000-D15AAA93A3D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "022132F8-6E56-4A29-95D6-3B7861D39CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "651DA9B7-9C11-47A7-AF5C-95625C8FFF6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*", "matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "99862578-46EC-4BB6-9CEF-EE5293BDCF8E", "versionEndExcluding": "7.3.1", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user."}, {"lang": "es", "value": "El m\u00f3dulo Dynamic Data Mapping en Liferay Portal versiones 7.1.0 hasta 7.3.2, y Liferay DXP versiones 7.1 anterior a fix pack 19, y versiones 7.2 anterior a fix pack 7, guarda autom\u00e1ticamente los valores de los formularios para usuarios no autenticados, que permite a atacantes remotos visualizar los valores guardados autom\u00e1ticamente al visualizar el formulario como un usuario no autenticado"}], "id": "CVE-2021-33323", "lastModified": "2021-08-11T15:14:48.540", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-08-03T19:15:08.657", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://issues.liferay.com/browse/LPE-17049"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}