CVE-2022-42129

Опубликовано: 15 нояб. 2022

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter.

Ссылки

http://liferay.com
Vendor Advisory
https://issues.liferay.com/browse/LPE-17448
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
Vendor Advisory
http://liferay.com
Vendor Advisory
https://issues.liferay.com/browse/LPE-17448
Vendor Advisory
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.3.2 (включая) до 7.4.3.5 (исключая)

EPSS

Процентиль: 41%

0.00191

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-g6x4-57hp-j4xm