CVE-2024-8980
Essential information
- Published
- 22/10/2024 15:15
- Modified
- 30/10/2024 14:46
- Author
- —
- Creator
- —
- CVSS
- 6.1 MEDIUM (v3.1)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N—
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- REQUIRED
- Scope
- CHANGED
- Confidentiality impact
- LOW
- Integrity impact
- LOW
- Availability impact
- NONE
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173
does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or a XSS vulnerability.
NVD status
- Status
- Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:6.2:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.3:update35:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023:q3.1:*:*:*:*:*:* |
| liferay / digital experience platform | cpe:2.3:a:liferay:digital_experience_platform:2023:q3.4:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
| liferay / liferay portal | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |