Lucene search

[email protected]CVE-2022-38512

HistorySep 22, 2022 - 1:15 a.m.

CVE-2022-38512

2022-09-2201:15:11

CWE-862

[email protected]

web.nvd.nist.gov

translation module

liferay portal

liferay dxp

cve-2022-38512

security vulnerability

xliff

unauthorized access

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page’s XLIFF translation file via crafted URL.

Affected configurations

NVD

Node

liferaydxpMatch7.4update_10

liferaydxpMatch7.4update_11

liferaydxpMatch7.4update_12

liferaydxpMatch7.4update_13

liferaydxpMatch7.4update_14

liferaydxpMatch7.4update_15

liferaydxpMatch7.4update_16

liferaydxpMatch7.4update_17

liferaydxpMatch7.4update_18

liferaydxpMatch7.4update_19

liferaydxpMatch7.4update_20

liferaydxpMatch7.4update_21

liferaydxpMatch7.4update_22

liferaydxpMatch7.4update_23

liferaydxpMatch7.4update_24

liferaydxpMatch7.4update_25

liferaydxpMatch7.4update_26

liferaydxpMatch7.4update_27

liferaydxpMatch7.4update_28

liferaydxpMatch7.4update_29

liferaydxpMatch7.4update_3

liferaydxpMatch7.4update_30

liferaydxpMatch7.4update_31

liferaydxpMatch7.4update_32

liferaydxpMatch7.4update_33

liferaydxpMatch7.4update_34

liferaydxpMatch7.4update_35

liferaydxpMatch7.4update_36

liferaydxpMatch7.4update_8

liferaydxpMatch7.4update_9

liferayliferay_portalRange7.4.3.12–7.4.3.36

CPENameOperatorVersion
liferay:dxpliferay dxpeq7.4
liferay:liferay_portalliferay liferay portalle7.4.3.36

CPE	Name	Operator	Version
liferay:dxp	liferay dxp	eq	7.4
liferay:liferay_portal	liferay liferay portal	le	7.4.3.36

References

liferay.com

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-38512

Social References

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2022-38512

prion1 cvelist1 veracode1 osv1 nvd1