Lucene search
PRIOn knowledge basePRION:CVE-2021-29052HistoryMay 17, 2021 - 12:15 p.m.
Design/Logic Flaw
2021-05-1712:15:00
PRIOn knowledge base
www.prio-n.com
3
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.3 | |
| liferay_portal | ge | 7.3.0 | |
| liferay_portal | le | 7.3.5 |
Related
cve
cve
CVE-2021-29052
2021-05-17 12:15:07
osv
osv
CVE-2021-29052
2021-05-17 12:15:07
nvd
nvd
CVE-2021-29052
2021-05-17 12:15:07
nessus
nessus
Liferay Portal 7.3.x < 7.3.6 Information Disclosure
2021-07-13 00:00:00
cvelist
cvelist
CVE-2021-29052
2021-05-17 11:16:27