Количество 2
Количество 2
CVE-2025-43768
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs.
GHSA-cv9j-mg9w-v7wm
Liferay Portal JSONWS API endpoint shares sensitive information
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-43768 Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin users using JSONWS APIs. | CVSS3: 7.7 | 0% Низкий | 6 месяцев назад |
| GHSA-cv9j-mg9w-v7wm Liferay Portal JSONWS API endpoint shares sensitive information | 0% Низкий | 6 месяцев назад |
Уязвимостей на страницу