Digital Experience Platform@2023.q4.0 Security Vulnerabilities and Issues — Digital Experience Platform@2023.q4.0 CVE List

Lucene search

LiferayDigital Experience Platform2023.q4.0

4 matches found

CVE•added 2024/10/22 3:15 p.m.•69 views

CVE-2024-38002

The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authe...

9CVSS7.5AI score0.00904EPSS

CVE•added 2024/10/22 3:15 p.m.•58 views

CVE-2024-26271

Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to (1) change ...

8.8CVSS9AI score0.00123EPSS

CVE•added 2024/10/22 3:15 p.m.•40 views

CVE-2024-26272

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords,...

8.8CVSS8.9AI score0.00173EPSS

CVE•added 2024/10/22 3:15 p.m.•37 views

CVE-2024-26273

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user pas...

8.8CVSS7.8AI score0.00123EPSS