Lucene search

CVE-2022-42128

🗓️ 15 Nov 2022 01:13:15Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 53 Views

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, allowing remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API

Reporter	Title	Published	Views	Family All 6
Prion	Design/Logic Flaw	15 Nov 202201:15	–	prion
OSV	Incorrect Default Permissions in Liferay Portal	15 Nov 202212:00	–	osv
OSV	BIT-liferay-2022-42128	31 Jan 202415:20	–	osv
NVD	CVE-2022-42128	15 Nov 202201:15	–	nvd
Github Security Blog	Incorrect Default Permissions in Liferay Portal	15 Nov 202212:00	–	github
Cvelist	CVE-2022-42128	15 Nov 202200:00	–	cvelist

Nvd

Node

liferay digital_experience_platformMatch7.4-

liferay liferay_portalRange7.4.1–7.4.3.5

Source	Link
liferay	www.liferay.com/
issues	www.issues.liferay.com/browse/LPE-17595
portal	www.portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42128

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

15 Nov 2022 01:15Current

5.2Medium risk

Vulners AI Score5.2

CVSS35.3

EPSS0.00192

CWE-276