CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0–7.4.3.4 and Liferay DXP 7.1–7.4 exposed an information-disclosure vulnerability where form entries could be viewed/accessed without proper permission checks. Root cause: inadequate permission validation for form entries in the DDM, enabling ...

PT-2022-26275 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.4 Liferay DXP versions 7.3 before update 4, and 7.4 GA Description: An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module allows remote authenticated users to vie...

CVE-2022-42129

CVE-2022-42129 describes an insecure direct object reference (IDOR) in the Dynamic Data Mapping module of Liferay Portal 7.3.2–7.4.3.4 and Liferay DXP 7.3 before update 4, 7.4 GA . The vulnerability allows remote authenticated users to view/access form entries via the formInstanceRecordId paramet...

CVE-2022-42131

The CVE-2022-42131 issue is a missing SSL certificate validation flaw in the Dynamic Data Mapping (DDM) module’s REST data providers. Affected products and versions include Liferay Portal 7.1.0–7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3. Th...

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

PT-2022-26277 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.4 Liferay DXP versions 7.1 before fix pack 27 Liferay DXP versions 7.2 before fix pack 19 Liferay DXP versions 7.3 before update 4 Liferay DXP version 7.4 GA Description: The Dynamic Data Mapping...

PT-2022-26278 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.2 Liferay DXP versions 7.1 before fix pack 27 Liferay DXP versions 7.2 before fix pack 17 Liferay DXP versions 7.3 before service pack 3 Description: The issue is related to missing SSL certificate...

CVE-2022-42129

An Insecure direct object reference IDOR vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the formInstanceRecordId parameter...

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

CVE-2022-42130

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view and access all form entries...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal和Liferay DXP 信任管理问题漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

com.liferay:com.liferay.dynamic.data.lists.form.web (>=1.0.0 <=2.0.14), com.liferay:com.liferay.dynamic.data.mapping.form.renderer (>=2.0.0 <=2.1.15) +17 more potentially affected by CVE-2022-26594 via com.liferay:com.liferay.dynamic.data.mapping.form.field.type (=2.0.0)

com.liferay:com.liferay.dynamic.data.mapping.form.field.type MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.dynamic.data.mapping.form.field.type and may be impacted: -...

com.liferay:com.liferay.document.library.service (>=1.0.0 <=2.0.8), com.liferay:com.liferay.dynamic.data.lists.service (>=1.0.0 <=1.1.48) +10 more potentially affected by CVE-2021-38268 via com.liferay:com.liferay.dynamic.data.mapping.service (>=1.0.0 <=2.2.0)

com.liferay:com.liferay.dynamic.data.mapping.service MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.5, =1.0.30 Source cves: CVE-2021-38268 Source advisory: OSV:GHSA-F855-2RVM-5J7H...

GHSA-F855-2RVM-5J7H Liferay Portal and Liferay DXP has incorrect default permissions for site members

The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users...

Liferay Portal and Liferay DXP has incorrect default permissions for site members

The Dynamic Data Mapping module before 4.0.39 from Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenticated users...