CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://issues.liferay.com/browse/LPE-17049	Patch Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107	Release Notes Vendor Advisory
https://issues.liferay.com/browse/LPE-17049	Patch Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:liferay:digital_experience_platform:7.1:-::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:-::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5::::::
	cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6::::::
	cpe:2.3:a:liferay:liferay_portal::::::::

History

13 May 2025, 18:17

Type	Values Removed	Values Added
First Time		Liferay digital Experience Platform
CPE	cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:::::: cpe:2.3:a:liferay:dxp:7.2:-:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.1:-:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_3::::::	cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:-:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:-:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:::::: cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:::::: cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18::::::

21 Nov 2024, 06:08

Type	Values Removed	Values Added
References	~~() https://issues.liferay.com/browse/LPE-17049 - Patch, Vendor Advisory~~	() https://issues.liferay.com/browse/LPE-17049 - Patch, Vendor Advisory
References	~~() https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107 - Release Notes, Vendor Advisory~~	() https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107 - Release Notes, Vendor Advisory

11 Aug 2021, 15:14

Type	Values Removed	Values Added
References	~~(CONFIRM) https://issues.liferay.com/browse/LPE-17049 -~~	(CONFIRM) https://issues.liferay.com/browse/LPE-17049 - Patch, Vendor Advisory
References	~~(CONFIRM) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107 -~~	(CONFIRM) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747107 - Release Notes, Vendor Advisory
CWE		CWE-312
CPE		cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:::::: cpe:2.3:a:liferay:liferay_portal:::::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:::::: cpe:2.3:a:liferay:dxp:7.1:-:::::: cpe:2.3:a:liferay:dxp:7.2:-:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_16::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 7.5

03 Aug 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-03 19:15

Updated : 2025-05-13 18:17

NVD link : CVE-2021-33323

Mitre link : CVE-2021-33323

CVE.ORG link : CVE-2021-33323

JSON object : View

Products Affected

liferay

liferay_portal
digital_experience_platform

CWE

CWE-312

Cleartext Storage of Sensitive Information

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-33323

7.5^/10

5.0^/10

Attach tags to `CVE-2021-33323`