Information disclosure in Liferay Enterprise Portal - CVE-2022-42129

 


Published: October 24, 2022


Vulnerability identifier: #VU68605
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-42129
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Liferay Enterprise Portal
Software vendor: Liferay

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an insecure direct object reference (IDOR) issue in the Dynamic Data Mapping module, exposed through the "formInstanceRecordId" parameter. A remote user can view and access form entries.


Remediation

Install updates from the vendor's website.
