Liferay Portal@7.4.3.5 Security Vulnerabilities and Issues — Liferay Portal@7.4.3.5 CVE List

Lucene search

LiferayLiferay Portal7.4.3.5

2 matches found

CVE•added 2022/11/15 1:15 a.m.•64 views

CVE-2022-42125

Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows attackers to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.

7.5CVSS7.4AI score0.00218EPSS

CVE•added 2022/11/15 1:15 a.m.•63 views

CVE-2022-42127

The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote attackers to obtain the history of all friendly URLs that was assigned to a page.

5.3CVSS5.2AI score0.0025EPSS