5.3
CVE-2025-43758
- EPSS 0.12%
- Veröffentlicht 22.08.2025 18:18:59
- Zuletzt bearbeitet 16.12.2025 14:53:13
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded by object entry and stored in document_library
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version >= 2024.Q1.1 < 2024.Q1.16
Liferay ≫ Digital Experience Platform Version >= 2024.q2.0 <= 2024.q2.13
Liferay ≫ Digital Experience Platform Version >= 2024.q3.1 <= 2024.q3.13
Liferay ≫ Digital Experience Platform Version >= 2024.q4.0 <= 2024.q4.7
Liferay ≫ Digital Experience Platform Version >= 2025.Q1.0 < 2025.Q1.6
Liferay ≫ Digital Experience Platform Version7.4
Liferay ≫ Liferay Portal Version >= 7.4.0 <= 7.4.3.132
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.299 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| security@liferay.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.