Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33946 Vulnerability in maven package com.liferay.portal:release.portal.bom

Description

The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33946

Related Vulnerabilities

CVE-2022-46684 Vulnerability in maven package com.checkmarx.jenkins:checkmarx

CVE-2009-4875 Vulnerability in maven package net.fckeditor:java-core

CVE-2010-1622 Vulnerability in maven package org.springframework:spring

CVE-2014-0225 Vulnerability in maven package org.springframework:spring-oxm

CVE-2010-1622 Vulnerability in maven package org.springframework:spring-beans

Severity

Medium

Classification

CWE-284 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory