Lucene search
HistoryAug 02, 2023 - 10:15 a.m.
CVE-2023-3426
cve-2023-3426
liferay portal
dxp
organization selector
permission bypass
remote authenticated users
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
32.3%
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Affected configurations
Node
liferaydigital_experience_platformMatch7.4update81
ORliferaydigital_experience_platformMatch7.4update82
ORliferaydigital_experience_platformMatch7.4update83
ORliferaydigital_experience_platformMatch7.4update84
ORliferaydigital_experience_platformMatch7.4update85
ORliferayliferay_portalRange7.4.3.81–7.4.3.85
| Vendor | Product | Version | CPE |
|---|---|---|---|
| liferay | digital_experience_platform | 7.4 | cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.4 | cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.4 | cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.4 | cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.4 | cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:* |
| liferay | liferay_portal | * | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2023-3426
2023-08-02 09:40:28
nessus
nessus
Liferay DXP 7.4 update 81 < 7.4 update 86 Information Disclosure
2023-08-03 00:00:00
Liferay Portal 7.4.3.81 < 7.4.3.86 Information Disclosure
2023-08-03 00:00:00
osv
osv
BIT-liferay-2023-3426
2024-01-31 15:17:10
CVE-2023-3426
2023-08-02 10:15:09
prion
prion
Design/Logic Flaw
2023-08-02 10:15:00
cve
cve
CVE-2023-3426
2023-08-02 10:15:09
CVSS3
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
AI Score
4.3
Confidence
High
EPSS
0.001
Percentile
32.3%
Related for NVD:CVE-2023-3426