2 matches found
CVE-2025-43768
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows authenticated users without any permissions to access sensitive information of admin...
CVE-2025-43768
Summary: CVE-2025-43768 affects Liferay Portal and Liferay DXP. Vulnerable software includes Liferay Portal 7.4.0–7.4.3.131 and Liferay DXP releases up to 2024.Q4.7 (and related 2024.Q3.13, Q2.13, Q1.15, plus 7.4 GA up to update 92). Root cause: JSONWS APIs can be accessed by authenticated users ...