Workflow component in Liferay Portal and Liferay DXP allows remote authenticated users to execute arbitrary code via headless AP
Reporter | Title | Published | Views | Family All 4 |
---|---|---|---|---|
Cvelist | CVE-2024-38002 | 22 Oct 202415:12 | – | cvelist |
CVE | CVE-2024-38002 | 22 Oct 202415:15 | – | cve |
NVD | CVE-2024-38002 | 22 Oct 202415:15 | – | nvd |
OSV | CVE-2024-38002 | 22 Oct 202415:15 | – | osv |
[
{
"cpes": [
"cpe:2.3:a:liferay:portal:*:*:*:*:*:*:*:*"
],
"vendor": "liferay",
"product": "portal",
"versions": [
{
"status": "affected",
"version": "7.4.0",
"versionType": "maven",
"lessThanOrEqual": "7.4.3.111"
},
{
"status": "affected",
"version": "7.3.2",
"versionType": "maven",
"lessThanOrEqual": "7.3.7"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*"
],
"vendor": "liferay",
"product": "dxp",
"versions": [
{
"status": "affected",
"version": "2023.q4.0",
"versionType": "maven",
"lessThanOrEqual": "2023.q4.5"
},
{
"status": "affected",
"version": "2023.q3.1",
"versionType": "maven",
"lessThanOrEqual": "2023.q3.8"
},
{
"status": "affected",
"version": "7.4"
},
{
"status": "affected",
"version": "7.3"
}
],
"defaultStatus": "unknown"
}
]
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo