Privilege Escalation Vulnerability in Liferay Portal and Liferay DXP Allows Takeover of Company Administrator Account
CVE-2021-33335 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by editing the company administrator user.
Learn more about our User Device Pen Test.