Lucene search
K

4 matches found

Snyk
Snyk
added 2025/10/13 9:31 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...

5.3CVSS6.9AI score0.00243EPSS
Exploits0References2
CVE
CVE
added 2025/10/13 8:42 p.m.16 views

CVE-2025-62252

The CVE-2025-62252 issue is an IDOR vulnerability in Liferay Portal 7.4.0–7.4.3.111 and Liferay DXP 2023.Q3.1–Q3.10, 2023.Q4.0–Q4.5, and 7.4 GA–update 92. Affected code path is the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_addUserIds parameter, which can let remote authenticated user...

5.3CVSS6.4AI score0.00243EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/13 8:42 p.m.9 views

CVE-2025-62252

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

5.3CVSS0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.7 views

PT-2025-41811

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay Portal 7.4 GA through update 92 Description An Insecure Direct Object Reference IDOR iss...

5.3CVSS6.4AI score0.00243EPSS
Exploits0References6
Rows per page
Query Builder