Lucene search
+L

7 matches found

CVE
CVE
added 2026/07/07 8:23 p.m.9 views

CVE-2026-53729

DataEase (open source data visualization/analysis tool) contains an IDOR in the ExportCenter area. Before version 2.10.24, an authenticated user could manipulate the task ID to download, delete, retry, or generate download links for export tasks belonging to other users; additionally, the /export...

8.7CVSS5.9AI score0.00391EPSS
Exploits0References3
Veracode
Veracode
added 2025/11/05 6:57 a.m.8 views

Incorrect Authorization

Liferay Portal is vulnerable to Incorrect Authorization. The vulnerability is due to the Batch Engine failing to properly enforce permission checks for import and export tasks, which allows remote authenticated users to access exported data through the REST APIs...

5.3CVSS6.8AI score0.00234EPSS
Exploits0References4Affected Software3
RedhatCVE
RedhatCVE
added 2025/09/24 10:28 p.m.12 views

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

5.3CVSS6.7AI score0.00234EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/23 12:32 a.m.4 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...

5.4CVSS7AI score0.00234EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/23 12:32 a.m.3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...

5.4CVSS7AI score0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 9:48 p.m.2 views

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

5.3CVSS6.4AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2025/09/22 9:48 p.m.21 views

CVE-2025-43806

CVE-2025-43806 affects Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4.7, and 7.4 GA through update 92.** The Batch Engine’s import/export tasks do not properly enforce permissions, enabling remote authenticated users to access exported data via the REST API...

5.3CVSS6.4AI score0.00234EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder