Privilege Escalation Vulnerability in Liferay Portal and Liferay DXP Allows Takeover of Company Administrator Account


CVE-2021-33335 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

A privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and in Liferay DXP 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote authenticated users who have permission to update/edit users to take over a company administrator user account by editing the company administrator user.
