Lucene search

[email protected]NVD:CVE-2022-42128

HistoryNov 15, 2022 - 1:15 a.m.

CVE-2022-42128

2022-11-1501:15:13

CWE-276

[email protected]

web.nvd.nist.gov

liferay portal

dxp

hypermedia rest apis

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

56.5%

JSON

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.

Affected configurations

NVD

Node

liferaydigital_experience_platformMatch7.4-

liferayliferay_portalRange7.4.1–7.4.3.5

References

liferay.com

issues.liferay.com/browse/LPE-17595

portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42128

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.002 Low

EPSS

Percentile

56.5%

JSON

Related for NVD:CVE-2022-42128

prion1 osv2 github1 cve1 cvelist1