U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVSS v3.1 Statistics for Liferay Inc. as of 06/01/2023

13
72
 
9
67
Reference
0-69.9%
Reference
93.1
Contributor
70-94.9%
 
Provider
95-100%
CVE CNA Value Alignment NIST Value Reason
CVE-2023-33937   (8 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33938   (7 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) High Privileges Required (PR) None No privileges needed by attacker identified by NVD analyst
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33939   (8 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33940   (7 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) High Privileges Required (PR) Low Attacker as "user" is mentioned, but not identified as high privileges
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33941   (8 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33942   (7 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) None User Interaction (UI) Required Internet browsing, Link clicking and/or file interaction identified
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33943   (8 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) Low Privileges Required (PR) Low
User Interaction (UI) Required User Interaction (UI) Required
Scope (S) Changed Scope (S) Changed
Confidentiality (C) Low Confidentiality (C) Low
Integrity (I) Low Integrity (I) Low
Availability (A) None Availability (A) None
CVE-2023-33949   (7 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) None Privileges Required (PR) None
User Interaction (UI) None User Interaction (UI) None
Scope (S) Unchanged Scope (S) Unchanged
Confidentiality (C) None Confidentiality (C) None
Integrity (I) Low Integrity (I) High No limiting factors for integrity listed
Availability (A) None Availability (A) None
CVE-2023-33950   (7 of 8) Attack Vector (AV) Network Attack Vector (AV) Network
Attack Complexity (AC) Low Attack Complexity (AC) Low
Privileges Required (PR) Low Privileges Required (PR) None No privileges needed by attacker identified by NVD analyst
User Interaction (UI) None User Interaction (UI) None
Scope (S) Unchanged Scope (S) Unchanged
Confidentiality (C) None Confidentiality (C) None
Integrity (I) None Integrity (I) None
Availability (A) High Availability (A) High