Lucene search
PRIOn knowledge basePRION:CVE-2021-33322HistoryAug 03, 2021 - 7:15 p.m.
Default credentials
2021-08-0319:15:00
PRIOn knowledge base
www.prio-n.com
1
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote attackers to change the userβs password via the old password reset token.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dxp | eq | 7.0 fixpack81 | |
| dxp | eq | 7.0 fixpack13 | |
| dxp | eq | 7.0 fixpack14 | |
| dxp | eq | 7.0 fixpack24 | |
| dxp | eq | 7.0 fixpack25 | |
| dxp | eq | 7.0 fixpack26 | |
| dxp | eq | 7.0 fixpack27 | |
| dxp | eq | 7.0 fixpack28 | |
| dxp | eq | 7.0 fixpack3 | |
| dxp | eq | 7.0 fixpack30 |
Related
cnvd
cnvd
Liferay Portal and Liferay DXP code issue vulnerability
2021-08-05 00:00:00
cvelist
cvelist
CVE-2021-33322
2021-08-03 18:29:17
osv
osv
CVE-2021-33322
2021-08-03 19:15:08
nvd
nvd
CVE-2021-33322
2021-08-03 19:15:08
cve
cve
CVE-2021-33322
2021-08-03 19:15:08