The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Jun 2023, 17:04
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* |
|
CWE | NVD-CWE-Other | |
First Time |
Liferay
Liferay liferay Portal Liferay digital Experience Platform |
|
References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
24 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-24 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33946
Mitre link : CVE-2023-33946
CVE.ORG link : CVE-2023-33946
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE