Lucene search
K

138 matches found

NVD
NVD
added 2022/11/15 1:15 a.m.32 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.3CVSS0.0082EPSS
Exploits0References3
Prion
Prion
added 2022/11/15 1:15 a.m.29 views

Design/Logic Flaw

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5CVSS5.2AI score0.0082EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.37 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.5AI score0.0082EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.86 views

CVE-2022-42128

CVE-2022-42128 affects Liferay Portal 7.4.1–7.4.3.4 and Liferay DXP 7.4 GA. The Hypermedia REST APIs module fails to properly enforce permissions, allowing remote attackers to obtain a WikiNode object through WikiNodeResource.getSiteWikiNodeByExternalReferenceCode. Impact is information disclosur...

5.3CVSS5.2AI score0.0082EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.10 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

7.1AI score0.0082EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

5.3CVSS5.7AI score0.0082EPSS
Exploits0References5
Qualys Blog
Qualys Blog
added 2022/10/11 9:45 p.m.25 views

JSON Web Token (JWT) Weaknesses

JSON Web Tokens, or JWTs, are an encoded set of claims commonly seen in REST APIs and Single page web applications SPAs. These encoded claims are used to provide identification of the requester and other information related to accessing. It is a stateless mechanism, and the token is sent with eve...

Exploits0
OSV
OSV
added 2022/09/23 12:0 a.m.3 views

GHSA-5J86-VMPX-42PC Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module

Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7.4AI score0.01084EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.7 views

Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module

Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7.5AI score0.01084EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2022/09/22 1:15 a.m.11 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS0.01084EPSS
Exploits0References2
Prion
Prion
added 2022/09/22 1:15 a.m.16 views

Path traversal

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

5CVSS7.5AI score0.01084EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/22 12:6 a.m.5 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7AI score0.01084EPSS
Exploits0References1
CVE
CVE
added 2022/09/22 12:6 a.m.509 views

CVE-2022-28981

CVE-2022-28981 is a path traversal vulnerability in the Hypermedia REST APIs module of Liferay Portal 7.4.0–7.4.2. The issue allows remote attackers to access files outside com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter. Impact is file disclosure; CVSS v3.1 base...

7.5CVSS7.5AI score0.01084EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/22 12:6 a.m.12 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.7AI score0.01084EPSS
Exploits0References1
OSV
OSV
added 2022/09/22 12:6 a.m.22 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7AI score0.01084EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/22 12:0 a.m.4 views

PT-2022-19341 · Liferay · Liferay Portal

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.2 Description: A path traversal issue in the Hypermedia REST APIs module allows remote attackers to access files outside of the intended directory via the parameter parameter. This could potentially...

7.5CVSS7.3AI score0.01084EPSS
Exploits0References10
Veracode
Veracode
added 2022/09/01 11:40 a.m.22 views

Deserialization Of Untrusted Data

Apache Geode is vulnerable to deserialization of untrusted data. The vulnerability exists because the process-wide serialization filters are not properly configured on REST APIs which allows an attacker to inject and execute arbitrary code through the untrusted data...

6.5CVSS7AI score0.01335EPSS
Exploits0References6Affected Software2
Spring Security Advisories
Spring Security Advisories
added 2022/06/07 12:0 p.m.38 views

This Week in Spring - June 7th, 2022

Hi, Spring fans! Welcome to another installment of This Week in Spring! Ive just landed in tantalizing Toronto, Canada, for the SpringOne Tour Toronto show. Im so excited to be here, at long last, after so long away from one of my favorite countries. Ill be doing two talks - my usual, Kubernetes...

0.5AI score
Exploits0
Kitploit
Kitploit
added 2022/05/29 9:30 p.m.33 views

Mitmproxy2Swagger - Automagically Reverse-Engineer REST APIs Via Capturing Traffic

A tool for automatically converting mitmproxy captures to OpenAPI 3.0 specifications. This means that you can automatically reverse-engineer REST APIs by just running the apps and capturing the traffic. Installation First you will need python3 and pip3. $ pip install mitmproxy2swagger ... or ... ...

6.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:15 a.m.32 views

Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability

Jenkins Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code elements. Both the pipeline validation REST APIs and actual script/pipeline execution are affected. This allowed users with...

8.8CVSS7.9AI score0.81552EPSS
Exploits9References9Affected Software1
Rows per page
Query Builder