{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38002", "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "state": "PUBLISHED", "assignerShortName": "Liferay", "dateReserved": "2024-06-11T15:40:10.985Z", "datePublished": "2024-10-22T15:12:42.223Z", "dateUpdated": "2024-10-22T15:22:55.078Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Portal", "vendor": "Liferay", "versions": [{"lessThanOrEqual": "7.3.7", "status": "affected", "version": "7.3.2", "versionType": "maven"}, {"lessThanOrEqual": "7.4.3.111", "status": "affected", "version": "7.4.0", "versionType": "maven"}]}, {"defaultStatus": "unaffected", "product": "DXP", "vendor": "Liferay", "versions": [{"lessThanOrEqual": "7.3.10-u36", "status": "affected", "version": "7.3.10", "versionType": "maven"}, {"lessThanOrEqual": "7.4.13-u92", "status": "affected", "version": "7.4.13", "versionType": "maven"}, {"lessThanOrEqual": "2023.Q3.8", "status": "affected", "version": "2023.Q3.1", "versionType": "maven"}, {"lessThanOrEqual": "2023.Q4.5", "status": "affected", "version": "2023.Q4.0", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API."}], "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "shortName": "Liferay", "dateUpdated": "2024-10-22T15:12:42.223Z"}, "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "liferay", "product": "portal", "cpes": ["cpe:2.3:a:liferay:portal:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "7.4.0", "status": "affected", "lessThanOrEqual": "7.4.3.111", "versionType": "maven"}, {"version": "7.3.2", "status": "affected", "lessThanOrEqual": "7.3.7", "versionType": "maven"}]}, {"vendor": "liferay", "product": "dxp", "cpes": ["cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2023.q4.0", "status": "affected", "lessThanOrEqual": "2023.q4.5", "versionType": "maven"}, {"version": "2023.q3.1", "status": "affected", "lessThanOrEqual": "2023.q3.8", "versionType": "maven"}, {"version": "7.4", "status": "affected"}, {"version": "7.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-22T15:21:03.278642Z", "id": "CVE-2024-38002", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:22:55.078Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38002", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-22T15:21:03.278642Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:liferay:portal:*:*:*:*:*:*:*:*"], "vendor": "liferay", "product": "portal", "versions": [{"status": "affected", "version": "7.4.0", "versionType": "maven", "lessThanOrEqual": "7.4.3.111"}, {"status": "affected", "version": "7.3.2", "versionType": "maven", "lessThanOrEqual": "7.3.7"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*"], "vendor": "liferay", "product": "dxp", "versions": [{"status": "affected", "version": "2023.q4.0", "versionType": "maven", "lessThanOrEqual": "2023.q4.5"}, {"status": "affected", "version": "2023.q3.1", "versionType": "maven", "lessThanOrEqual": "2023.q3.8"}, {"status": "affected", "version": "7.4"}, {"status": "affected", "version": "7.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-22T15:22:45.625Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Liferay", "product": "Portal", "versions": [{"status": "affected", "version": "7.3.2", "versionType": "maven", "lessThanOrEqual": "7.3.7"}, {"status": "affected", "version": "7.4.0", "versionType": "maven", "lessThanOrEqual": "7.4.3.111"}], "defaultStatus": "unaffected"}, {"vendor": "Liferay", "product": "DXP", "versions": [{"status": "affected", "version": "7.3.10", "versionType": "maven", "lessThanOrEqual": "7.3.10-u36"}, {"status": "affected", "version": "7.4.13", "versionType": "maven", "lessThanOrEqual": "7.4.13-u92"}, {"status": "affected", "version": "2023.Q3.1", "versionType": "maven", "lessThanOrEqual": "2023.Q3.8"}, {"status": "affected", "version": "2023.Q4.0", "versionType": "maven", "lessThanOrEqual": "2023.Q4.5"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.", "supportingMedia": [{"type": "text/html", "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "providerMetadata": {"orgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "shortName": "Liferay", "dateUpdated": "2024-10-22T15:12:42.223Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38002", "state": "PUBLISHED", "dateUpdated": "2024-10-22T15:22:55.078Z", "dateReserved": "2024-06-11T15:40:10.985Z", "assignerOrgId": "8b54e794-c6f0-462e-9faa-c1001a673ac3", "datePublished": "2024-10-22T15:12:42.223Z", "assignerShortName": "Liferay"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*", "matchCriteriaId": "6F6A98ED-E694-4F39-95D0-C152BD1EC115", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*", "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023:q3.1:*:*:*:*:*:*", "matchCriteriaId": "1A13C2E9-9260-466E-9D98-0021CB2F41F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023:q3.8:*:*:*:*:*:*", "matchCriteriaId": "44D45214-03A5-45A5-B413-1648BD0A740C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023:q4.0:*:*:*:*:*:*", "matchCriteriaId": "B6C54C71-6885-475B-939B-CEC309579BBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:2023:q4.5:*:*:*:*:*:*", "matchCriteriaId": "BE1390BB-5145-4DDF-B113-9F8B190D4E0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F2C2272-3E19-4836-BCA5-660208D5985D", "versionEndIncluding": "7.3.7", "versionStartIncluding": "7.3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D6470C7-9D36-43F3-86CB-B79ED9EA53F4", "versionEndExcluding": "7.4.3.112", "versionStartIncluding": "7.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API."}, {"lang": "es", "value": " El componente workflow en Liferay Portal 7.3.2 a 7.4.3.111, y Liferay DXP 2023.Q4.0 a 2023.Q4.5, 2023.Q3.1 a 2023.Q3.8, 7.4 GA a la actualizaci\u00f3n 92 y 7.3 GA a la actualizaci\u00f3n 36 no verifica correctamente los permisos de usuario antes de actualizar una definici\u00f3n de workflow, lo que permite a los usuarios autenticados remotos modificar las definiciones de workflow y ejecutar c\u00f3digo arbitrario (RCE) a trav\u00e9s de la API sin interfaz gr\u00e1fica."}], "id": "CVE-2024-38002", "lastModified": "2024-10-30T14:47:10.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security@liferay.com", "type": "Secondary"}]}, "published": "2024-10-22T15:15:06.277", "references": [{"source": "security@liferay.com", "tags": ["Vendor Advisory"], "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002"}], "sourceIdentifier": "security@liferay.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@liferay.com", "type": "Secondary"}]}

{}