The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33947 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Jun 2023, 17:02
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33947 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
First Time |
Liferay
Liferay liferay Portal Liferay digital Experience Platform |
|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
24 May 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-24 16:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-33947
Mitre link : CVE-2023-33947
CVE.ORG link : CVE-2023-33947
JSON object : View
Products Affected
liferay
- digital_experience_platform
- liferay_portal
CWE