4.3

CVE-2023-33946

EPSS 0.15%
Veröffentlicht 24.05.2023 16:15:09
Zuletzt bearbeitet 13.01.2026 02:53:59
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate1

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate10

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate11

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate12

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate13

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate14

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate15

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate16

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate17

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate18

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate19

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate2

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate20

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate21

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate22

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate23

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate24

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate25

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate26

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate27

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate28

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate29

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate3

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate30

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate31

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate4

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate5

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate6

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate7

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate8

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate9

Liferay ≫ Liferay Portal Version >= 7.4.3.4 <= 7.4.3.48

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.355

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@liferay.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-33946

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33946

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33946

EUVD