CVE-2021-33331

EPSS 0.36%
Veröffentlicht 03.08.2021 21:15:08
Zuletzt bearbeitet 13.05.2025 18:17:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.0 Update-

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_24

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_25

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_26

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_27

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_28

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_30

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_33

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_35

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_36

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_39

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_40

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_41

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_42

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_43

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_44

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_45

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_46

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_47

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_48

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_49

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_50

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_51

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_52

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_53

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_54

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_56

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_57

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_58

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_59

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_60

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_61

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_64

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_65

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_66

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_67

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_68

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_69

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_70

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_71

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_72

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_73

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_75

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_76

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_78

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_79

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_80

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_81

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_82

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_83

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_84

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_85

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_86

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_87

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_88

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_89

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_90

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_91

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_92

Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_93

Liferay ≫ Digital Experience Platform Version7.1 Update-

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_10

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_11

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_12

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_15

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_16

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_17

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_18

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_7

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_8

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_9

Liferay ≫ Digital Experience Platform Version7.2 Update-

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_7

Liferay ≫ Liferay Portal Version >= 7.0.0 < 7.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://issues.liferay.com/browse/LPE-17022

Patch

Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/120747627

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-33331

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33331

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33331

EUVD