Design/Logic Flaw

2021-08-0319:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.6%

JSON

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user.

CPENameOperatorVersion
dxpeq7.2 fixpack2
dxpeq7.2 fixpack3
dxpeq7.2 fixpack4
dxpeq7.2 fixpack5
dxpeq7.2 fixpack1
dxpeq7.1 fixpack6
dxpeq7.1 fixpack7
dxpeq7.1 fixpack8
dxpeq7.1 fixpack9
dxpeq7.1 fixpack10

Name	Operator	Version
dxp	eq	7.2 fixpack2
dxp	eq	7.2 fixpack3
dxp	eq	7.2 fixpack4
dxp	eq	7.2 fixpack5
dxp	eq	7.2 fixpack1
dxp	eq	7.1 fixpack6
dxp	eq	7.1 fixpack7
dxp	eq	7.1 fixpack8
dxp	eq	7.1 fixpack9
dxp	eq	7.1 fixpack10