CVE-2023-33947
Summary
| CVE | CVE-2023-33947 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-05-24 16:15:00 UTC |
| Updated | 2023-06-01 17:02:00 UTC |
| Description | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Liferay | Digital Experience Platform | 7.4 | - | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update1 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update21 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update34 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update36 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update41 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update50 | All | All |
| Application | Liferay | Digital Experience Platform | 7.4 | update52 | All | All |
| Application | Liferay | Liferay Portal | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2023-33947 Unauthorized access to object definition via search - Liferay | MISC | liferay.dev | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 731011 Liferay Portal Unauthorized Access Vulnerability