
136 matches found

OSV
added 2024/01/31 3:19 p.m., 20 views

BIT-LIFERAY-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

CVSS: 4.3, AI score: 4.3, EPSS: 0.0073
Exploits: 0, References: 3

OSV
added 2024/01/31 3:19 p.m., 20 views

BIT-LIFERAY-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVSS: 4.8, AI score: 5.1, EPSS: 0.00338
Exploits: 0, References: 3

OSV
added 2024/01/31 3:17 p.m., 20 views

BIT-LIFERAY-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 7.5, AI score: 6, EPSS: 0.00744
Exploits: 0, References: 1

CVE
added 2023/07/24 3:19 p.m., 224 views

CVE-2023-3640

CVE-2023-3640 – summary (Linux kernel x86 per-CPU entry area leak): A local memory leakage flaw was identified in the Linux kernel’s cpu_entry_area mapping for X86, enabling a local user to infer addresses of exception stacks and other kernel data. The vulnerability stems from partial randomness o...

CVSS: 7.8, AI score: 6.7, EPSS: 0.00719
Exploits: 1, References: 3, Affected Software: 1

Veracode
added 2023/06/14 4:10 a.m., 20 views

Missing Authorization

com.liferay.dynamic.data.mapping.form is vulnerable to Missing Authorization. The vulnerability exists in the Dynamic Data Mapping module because it does not limit the Document and Media files which can be downloaded from a form, allowing an attacker to download any file from Document and Media via a...

CVSS: 7.5, AI score: 6.6, EPSS: 0.00744
Exploits: 0, References: 3, Affected Software: 3

OSV
added 2023/05/24 6:30 p.m., 21 views

GHSA-W6F8-MXF5-4VF8 Missing authorization in Liferay portal

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 7.5, AI score: 6, EPSS: 0.00744
Exploits: 0, References: 3

GitHub Security Blog
added 2023/05/24 6:30 p.m., 37 views

Missing authorization in Liferay portal

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00744
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2023/05/24 4:15 p.m., 23 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00744
Exploits: 0, References: 1

OSV
added 2023/05/24 4:15 p.m., 29 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00744
Exploits: 0, References: 1

Prion
added 2023/05/24 4:15 p.m., 25 views

Design/Logic Flaw

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 5, AI score: 7.4, EPSS: 0.00744
Exploits: 0, References: 1, Affected Software: 2

CVE
added 2023/05/24 3:42 p.m., 85 views

CVE-2023-33948

The CVE-2023-33948 entry concerns the Dynamic Data Mapping module in Liferay Portal 7.4.3.67 and Liferay DXP 7.4 update 67, where Document and Media files can be downloaded from a Form without proper restrictions, allowing remote attackers to retrieve arbitrary files via crafted URLs. Connected s...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00744
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2023/05/24 3:42 p.m., 14 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 5.3, AI score: 7.1, EPSS: 0.00744
Exploits: 0, References: 1

Cvelist
added 2023/05/24 3:42 p.m., 32 views

CVE-2023-33948

The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL...

CVSS: 5.3, AI score: 7.6, EPSS: 0.00744
Exploits: 0, References: 1

CNNVD
added 2023/05/24 12:00 a.m., 4 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00744
Exploits: 0, References: 2

Positive Technologies
added 2023/05/24 12:00 a.m., 5 views

PT-2023-24590 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions:
Liferay Portal version 7.4.3.67
Liferay DXP 7.4 update 67

Description: The issue allows remote attackers to download any file from Document and Media via a crafted URL, due to the Dynamic Data Mapping module not limiting Document and Media...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00744
Exploits: 0, References: 8

CVE
added 2023/02/23 12:00 a.m., 326 views

CVE-2023-0597

CVE-2023-0597 describes a memory-leak flaw in the Linux kernel CPU entry_area mapping for X86 CPU data, enabling a local user to guess memory locations of exception stacks and other data. Connected documents (Astra Linux bulletin and IBM page) corroborate the general description but do not provid...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00301
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2022/11/16 3:32 p.m., 24 views

Information Disclosure

Liferay Portal is vulnerable to information disclosure. The vulnerability exists in the data mapping module because it does not check the permission of form entries, which allows an attacker to view and access all form entries...

CVSS: 4.3, AI score: 4.6, EPSS: 0.0073
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2022/11/15 12:00 p.m., 18 views

GHSA-MXVQ-CV4X-P3JW Incorrect Default Permissions in Liferay Portal

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

CVSS: 4.3, AI score: 4.3, EPSS: 0.0073
Exploits: 0, References: 4

OSV
added 2022/11/15 12:00 p.m., 22 views

GHSA-CX84-43XC-3GM2 Improper Certificate Validation in Liferay Portal

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVSS: 4.8, AI score: 5.1, EPSS: 0.00338
Exploits: 0, References: 4

OSV
added 2022/11/15 12:00 p.m., 30 views

GHSA-G6X4-57HP-J4XM Authorization Bypass in Liferay Portal

An insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVSS: 4.3, AI score: 4.3, EPSS: 0.0073
Exploits: 0, References: 4