Lucene search
K

13 matches found

Veracode
Veracode
added 2025/12/04 6:12 a.m.6 views

Insecure Direct Object Reference (IDOR)

com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...

5.3CVSS6.7AI score0.00249EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/14 7:46 p.m.19 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References1
Snyk
Snyk
added 2025/10/13 9:31 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...

5.3CVSS7AI score0.00249EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/13 9:31 p.m.12 views

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2025/10/13 9:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...

5.3CVSS7AI score0.00249EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/13 9:31 p.m.6 views

EUVD-2025-34077

Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References5
OSV
OSV
added 2025/10/13 9:31 p.m.3 views

GHSA-FHCW-PX4Q-PMVV Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.8AI score0.00249EPSS
Exploits0References5
OSV
OSV
added 2025/10/13 8:15 p.m.6 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

4.3CVSS5.8AI score0.00249EPSS
Exploits0References1
NVD
NVD
added 2025/10/13 8:15 p.m.11 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/13 7:32 p.m.4 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/13 7:32 p.m.9 views

CVE-2025-62241

Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...

5.3CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 7:32 p.m.14 views

CVE-2025-62241

CVE-2025-62241 affects Liferay DXP 2023.Q4.1–2023.Q4.5 and involves an IDOR in the CommerceOrderPortlet_commerceOrderId parameter, allowing an authenticated user to view shipment addresses from other virtual instances. Affected component is com.liferay.commerce, with the underlying issue being im...

5.3CVSS6.3AI score0.00249EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.8 views

PT-2025-41802

Name of the Vulnerable Software and Affected Versions Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 Description An Insecure Direct Object Reference IDOR issue exists in Liferay DXP that allows authenticated remote users to access shipment addresses from different virtual instances. This occurs...

5.3CVSS6.5AI score0.00249EPSS
Exploits0References5
Rows per page
Query Builder