The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946 - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
01 Jun 2023, 17:04
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
| CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
|
| CWE | NVD-CWE-Other | |
| References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946 - Vendor Advisory |
24 May 2023, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-24 16:15
Updated : 2024-11-21 08:06
NVD link : CVE-2023-33946
Mitre link : CVE-2023-33946
CVE.ORG link : CVE-2023-33946
JSON object : View
Products Affected
liferay
- digital_experience_platform
- liferay_portal
CWE