The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.3 |
||
liferay digital experience platform 7.4 |
||
liferay liferay portal |