Lucene search
K

42 matches found

CNNVD
CNNVD
added 2023/07/17 12:0 a.m.5 views

Spring HATEOAS 安全漏洞

Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications . A security vulnerability exists in Spring HATEOAS versions 1.5.4 and earlier, 2.0.4 and earlier, and 2.1.0, which stems from the fa...

5.3CVSS5.6AI score0.00403EPSS
Exploits0References2
OSV
OSV
added 2023/02/28 10:21 p.m.46 views

CVE-2023-25575 Secured properties in API Platform Core may be accessible within collections

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the security option of the ApiPlatform\Metadata\ApiProperty attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON...

7.7CVSS6.5AI score0.00604EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/15 12:0 p.m.31 views

Incorrect Default Permissions in Liferay Portal

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.3CVSS5.4AI score0.0082EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/11/15 12:0 p.m.19 views

GHSA-WGQM-QP44-CG6X Incorrect Default Permissions in Liferay Portal

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.3CVSS5.2AI score0.0082EPSS
Exploits0References4
NVD
NVD
added 2022/11/15 1:15 a.m.32 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.3CVSS0.0082EPSS
Exploits0References3
Prion
Prion
added 2022/11/15 1:15 a.m.29 views

Design/Logic Flaw

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5CVSS5.2AI score0.0082EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.37 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

5.5AI score0.0082EPSS
Exploits0References2
CVE
CVE
added 2022/11/15 12:0 a.m.86 views

CVE-2022-42128

CVE-2022-42128 affects Liferay Portal 7.4.1–7.4.3.4 and Liferay DXP 7.4 GA. The Hypermedia REST APIs module fails to properly enforce permissions, allowing remote attackers to obtain a WikiNode object through WikiNodeResource.getSiteWikiNodeByExternalReferenceCode. Impact is information disclosur...

5.3CVSS5.2AI score0.0082EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.8 views

PT-2022-26274 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.1 through 7.4.3.4 Liferay DXP version 7.4 GA Description: The issue concerns the Hypermedia REST APIs module, which fails to properly check permissions. This allows remote attackers to obtain a WikiNode object via...

5.3CVSS7.3AI score0.0082EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2022/11/15 12:0 a.m.10 views

CVE-2022-42128

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API...

7.1AI score0.0082EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

5.3CVSS5.7AI score0.0082EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/06 12:0 a.m.4 views

PT-2022-19884 · H5P +1 · H5P +1

Name of the Vulnerable Software and Affected Versions: H5P affected versions not specified Description: The issue is related to a CSRF risk when enabling and disabling installed H5P libraries, as the necessary token to prevent this risk was not included. Recommendations: At the moment, there is n...

9.8CVSS6.2AI score0.02587EPSS
Exploits2References55
Github Security Blog
Github Security Blog
added 2022/09/23 12:0 a.m.7 views

Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module

Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7.5AI score0.01084EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/09/23 12:0 a.m.2 views

GHSA-5J86-VMPX-42PC Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module

Path traversal vulnerability in the Hypermedia REST APIs module before 4.0.12 from Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7.4AI score0.01084EPSS
Exploits0References5
OSV
OSV
added 2022/09/22 1:15 a.m.22 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS7AI score0.01084EPSS
Exploits0References2
NVD
NVD
added 2022/09/22 1:15 a.m.10 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.5CVSS0.01084EPSS
Exploits0References2
Prion
Prion
added 2022/09/22 1:15 a.m.15 views

Path traversal

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

5CVSS7.5AI score0.01084EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/22 12:6 a.m.5 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7AI score0.01084EPSS
Exploits0References1
CVE
CVE
added 2022/09/22 12:6 a.m.509 views

CVE-2022-28981

CVE-2022-28981 is a path traversal vulnerability in the Hypermedia REST APIs module of Liferay Portal 7.4.0–7.4.2. The issue allows remote attackers to access files outside com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter. Impact is file disclosure; CVSS v3.1 base...

7.5CVSS7.5AI score0.01084EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/09/22 12:6 a.m.11 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter...

7.7AI score0.01084EPSS
Exploits0References1
Rows per page
Query Builder