CVE-2021-33325

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, and 7.2 before fix pack 7, user's clear text passwords are stored in the database if workflow is enabled for user creation, which allows attackers with access to the database to obtain a user's password.

CVSS v3 4.9 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://issues.liferay.com/browse/LPE-17042	Patch Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748389	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:liferay:dxp:7.0:-::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_13::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_14::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_24::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_25::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_26::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_27::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_28::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_3\+::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_30::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_33::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_35::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_36::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_39::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_40::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_41::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_42::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_43::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_44::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_45::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_46::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_47::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_48::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_49::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_50::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_51::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_52::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_53::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_54::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_56::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_57::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_58::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_59::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_60::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_61::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_64::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_65::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_66::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_67::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_68::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_69::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_70::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_71::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_72::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_73::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_75::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_76::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_78::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_79::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_80::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_81::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_82::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_83::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_84::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_85::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_86::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_87::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_88::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_89::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_90::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_91::::::
	cpe:2.3:a:liferay:dxp:7.0:fix_pack_92::::::
	cpe:2.3:a:liferay:dxp:7.1:-::::::
	cpe:2.3:a:liferay:dxp:7.1:fix_pack_1::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_10::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_11::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_12::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_13::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_14::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_15::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_16::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_17::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_18::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_2::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_3::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_4::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_5::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_6::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_7::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_8::::::
cpe:2.3:a:liferay:dxp:7.1:fix_pack_9::::::
cpe:2.3:a:liferay:dxp:7.2:-::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_1::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_2::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_3::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_4::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_5::::::
cpe:2.3:a:liferay:dxp:7.2:fix_pack_6::::::
cpe:2.3:a:liferay:liferay_portal::::::::

History

11 Aug 2021, 14:45

Type	Values Removed	Values Added
CWE		CWE-312
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.0 v3 : 4.9
References	~~(CONFIRM) https://issues.liferay.com/browse/LPE-17042 -~~	(CONFIRM) https://issues.liferay.com/browse/LPE-17042 - Patch, Vendor Advisory
References	~~(CONFIRM) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748389 -~~	(CONFIRM) https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120748389 - Release Notes, Vendor Advisory
CPE		cpe:2.3:a:liferay:dxp:7.0:fix_pack_82:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_54:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_15:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_43:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_40:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_49:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_88:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_60:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_25:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_90:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_5:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_53:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_72:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_64:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_87:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_42:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_30:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_68:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_75:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_13:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_41:::::: cpe:2.3:a:liferay:dxp:7.0:-:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_48:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_10:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_58:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_16:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_67:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_78:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_35:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_61:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_28:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_65:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_13:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_56:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_80:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_11:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_52:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_51:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_79:::::: cpe:2.3:a:liferay:dxp:7.1:-:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_9:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_84:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_76:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_57:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_17:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_18:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_92:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_83:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_27:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_3:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_44:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_6:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_36:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_26:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_12:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_33:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_45:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_71:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_85:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_8:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_70:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_81:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_66:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_91:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_14:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_73:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_59:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:::::: cpe:2.3:a:liferay:liferay_portal:::::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_86:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_14:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_69:::::: cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_39:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_47:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_50:::::: cpe:2.3:a:liferay:dxp:7.1:fix_pack_7:::::: cpe:2.3:a:liferay:dxp:7.2:-:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_24:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_89:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_46:::::: cpe:2.3:a:liferay:dxp:7.0:fix_pack_3\+::::::

03 Aug 2021, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-08-03 19:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-33325

Mitre link : CVE-2021-33325

CVE.ORG link : CVE-2021-33325

JSON object : View

Products Affected

liferay

dxp
liferay_portal

CWE

CWE-312

Cleartext Storage of Sensitive Information

4.9 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-33325

4.9^/10

4.0^/10

Attach tags to `CVE-2021-33325`