13 matches found
Insecure Direct Object Reference (IDOR)
com.liferay.commerce, com.liferay.commerce.order.content.web is vulnerable to Insecure Direct Object Reference IDOR. The vulnerability is due to improper access control on the CommerceOrderPortletcommerceOrderId parameter, which allows an attacker to access shipment addresses from other virtual...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaycommerceorderwebinternalportletCommerceOrderPortletcommerceOrderId parameter. An attacker can access shipment addresses belonging to other virtual instances by...
EUVD-2025-34077
Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key...
GHSA-FHCW-PX4Q-PMVV Liferay Commerce Order Content Web is Vulnerable to Authorization Bypass Through User-Controlled Key
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
Insecure Direct Object Reference IDOR vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the...
CVE-2025-62241
CVE-2025-62241 affects Liferay DXP 2023.Q4.1–2023.Q4.5 and involves an IDOR in the CommerceOrderPortlet_commerceOrderId parameter, allowing an authenticated user to view shipment addresses from other virtual instances. Affected component is com.liferay.commerce, with the underlying issue being im...
PT-2025-41802
Name of the Vulnerable Software and Affected Versions Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 Description An Insecure Direct Object Reference IDOR issue exists in Liferay DXP that allows authenticated remote users to access shipment addresses from different virtual instances. This occurs...