PT-2023-24589 · Liferay · Liferay Dxp+1

Published: 2023-05-24 · Updated: 2024-01-31 · CVE-2023-33947

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.4.3.4 through 7.4.3.60
Liferay DXP 7.4 before update 61

Description

The issue allows remote authenticated users in one virtual instance to view object definitions from a second virtual instance by searching for the object definition, due to the Object module not segmenting object definitions by virtual instance in search.

Recommendations

For Liferay Portal versions 7.4.3.4 through 7.4.3.60, update to a version after 7.4.3.60 to resolve the issue. For Liferay DXP 7.4 before update 61, apply update 61 or later to fix the problem. As a temporary workaround, consider restricting search functionality for object definitions to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BIT-LIFERAY-2023-33947
CVE-2023-33947
GHSA-769C-P92R-XGXJ

Affected Products

Liferay Dxp
Liferay Portal