CVE-2022-42130

EPSS 0.26%
Veröffentlicht 15.11.2022 02:15:11
Zuletzt bearbeitet 30.04.2025 19:15:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.1 Update-

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_10

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_11

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_12

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_15

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_16

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_17

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_18

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_19

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_20

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_21

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_22

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_23

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_24

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_25

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_26

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_7

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_8

Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_9

Liferay ≫ Digital Experience Platform Version7.2 Update-

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_1

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_10

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_11

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_12

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_13

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_14

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_15

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_16

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_2

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_3

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_4

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_5

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_6

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_7

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_8

Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_9

Liferay ≫ Digital Experience Platform Version7.3 Update-

Liferay ≫ Digital Experience Platform Version7.4 Update-

Liferay ≫ Liferay Portal Version >= 7.1.0 < 7.4.3.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.497

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

http://liferay.com

Vendor Advisory

https://issues.liferay.com/browse/LPE-17447

Vendor Advisory

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42130

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-42130

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-42130

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-42130

EUVD