← Back

CVE-2023-33946

nvd nist
Published: May 24, 2023Modified: Jan 13, 2026

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

Affected (49)

Liferay
2 products
Digital Experience Platform
Liferay Portal
Configuration A
49 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Digital Experience Platform
Version 7.4 update10
Digital Experience Platform
Version 7.4 update11
Digital Experience Platform
Version 7.4 update12
Digital Experience Platform
Version 7.4 update13
Digital Experience Platform
Version 7.4 update14
Digital Experience Platform
Version 7.4 update15
Digital Experience Platform
Version 7.4 update16
Digital Experience Platform
Version 7.4 update17
Digital Experience Platform
Version 7.4 update18
Digital Experience Platform
Version 7.4 update19
Digital Experience Platform
Version 7.4 update1
Digital Experience Platform
Version 7.4 update20
Digital Experience Platform
Version 7.4 update21
Digital Experience Platform
Version 7.4 update22
Digital Experience Platform
Version 7.4 update23
Digital Experience Platform
Version 7.4 update24
Digital Experience Platform
Version 7.4 update25
Digital Experience Platform
Version 7.4 update26
Digital Experience Platform
Version 7.4 update27
Digital Experience Platform
Version 7.4 update28
Digital Experience Platform
Version 7.4 update29
Digital Experience Platform
Version 7.4 update2
Digital Experience Platform
Version 7.4 update30
Digital Experience Platform
Version 7.4 update31
Digital Experience Platform
Version 7.4 update32
Digital Experience Platform
Version 7.4 update33
Digital Experience Platform
Version 7.4 update34
Digital Experience Platform
Version 7.4 update35
Digital Experience Platform
Version 7.4 update36
Digital Experience Platform
Version 7.4 update37
Digital Experience Platform
Version 7.4 update38
Digital Experience Platform
Version 7.4 update39
Digital Experience Platform
Version 7.4 update3
Digital Experience Platform
Version 7.4 update40
Digital Experience Platform
Version 7.4 update41
Digital Experience Platform
Version 7.4 update42
Digital Experience Platform
Version 7.4 update43
Digital Experience Platform
Version 7.4 update44
Digital Experience Platform
Version 7.4 update45
Digital Experience Platform
Version 7.4 update46
Digital Experience Platform
Version 7.4 update47
Digital Experience Platform
Version 7.4 update48
Digital Experience Platform
Version 7.4 update4
Digital Experience Platform
Version 7.4 update5
Digital Experience Platform
Version 7.4 update6
Digital Experience Platform
Version 7.4 update7
Digital Experience Platform
Version 7.4 update8
Digital Experience Platform
Version 7.4 update9
Liferay Portal
From 7.4.3.4 to 7.4.3.48

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: security@liferay.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.