5.3
CVE-2025-62242
- EPSS 0.05%
- Veröffentlicht 13.10.2025 19:10:30
- Zuletzt bearbeitet 07.11.2025 19:11:06
- Quelle security@liferay.com
- CVE-Watchlists
- Unerledigt
Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account to view addresses from a different account via the _com_liferay_account_admin_web_internal_portlet_AccountEntriesAdminPortlet_addressId parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version7.4
Liferay ≫ Digital Experience Platform Version2023.q3.1
Liferay ≫ Digital Experience Platform Version2023.q3.2
Liferay ≫ Digital Experience Platform Version2023.q3.3
Liferay ≫ Digital Experience Platform Version2023.q3.4
Liferay ≫ Digital Experience Platform Version2023.q3.5
Liferay ≫ Digital Experience Platform Version2023.q3.6
Liferay ≫ Digital Experience Platform Version2023.q3.7
Liferay ≫ Digital Experience Platform Version2023.q3.8
Liferay ≫ Digital Experience Platform Version2023.q3.9
Liferay ≫ Digital Experience Platform Version2023.q3.10
Liferay ≫ Digital Experience Platform Version2023.q4.1
Liferay ≫ Digital Experience Platform Version2023.q4.2
Liferay ≫ Digital Experience Platform Version2023.q4.3
Liferay ≫ Digital Experience Platform Version2023.q4.4
Liferay ≫ Digital Experience Platform Version2023.q4.5
Liferay ≫ Liferay Portal Version >= 7.4.1 < 7.4.3.112
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.153 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security@liferay.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.