BIT-liferay-2022-42129
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2022-42129.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-liferay-2022-42129
- Aliases
-
- CVE-2022-42129
- GHSA-g6x4-57hp-j4xm
- Published
- 2024-01-31T15:19:52.984Z
- Modified
- 2024-02-19T10:36:29.170Z
- Summary
- [none]
- Details
-
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the
formInstanceRecordIdparameter. - Database specific
{ "cpes": [ "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*" ], "severity": "Medium" }- References
Affected packages
Bitnami / liferay
Package
- Name
- liferay
- Purl
- pkg:bitnami/liferay
Severity
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator