First published: Wed Sep 21 2022
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay DXP | =7.3 | |
Liferay DXP | =7.3-update_1 | |
Liferay DXP | =7.3-update_2 | |
Liferay DXP | =7.3-update_3 | |
Liferay DXP | =7.3-update_4 | |
Liferay DXP | =7.3-update_5 | |
Liferay DXP | =7.3-update_6 | |
Liferay DXP | =7.3-update_7 | |
Liferay DXP | =7.3-update_8 | |
Liferay DXP | =7.3-update_9 | |
Liferay DXP | =7.4-update_1 | |
Liferay DXP | =7.4-update_10 | |
Liferay DXP | =7.4-update_11 | |
Liferay DXP | =7.4-update_12 | |
Liferay DXP | =7.4-update_13 | |
Liferay DXP | =7.4-update_14 | |
Liferay DXP | =7.4-update_15 | |
Liferay DXP | =7.4-update_16 | |
Liferay DXP | =7.4-update_17 | |
Liferay DXP | =7.4-update_18 | |
Liferay DXP | =7.4-update_19 | |
Liferay DXP | =7.4-update_2 | |
Liferay DXP | =7.4-update_20 | |
Liferay DXP | =7.4-update_21 | |
Liferay DXP | =7.4-update_22 | |
Liferay DXP | =7.4-update_23 | |
Liferay DXP | =7.4-update_24 | |
Liferay DXP | =7.4-update_25 | |
Liferay DXP | =7.4-update_26 | |
Liferay DXP | =7.4-update_27 | |
Liferay DXP | =7.4-update_28 | |
Liferay DXP | =7.4-update_29 | |
Liferay DXP | =7.4-update_3 | |
Liferay DXP | =7.4-update_30 | |
Liferay DXP | =7.4-update_31 | |
Liferay DXP | =7.4-update_32 | |
Liferay DXP | =7.4-update_33 | |
Liferay DXP | =7.4-update_34 | |
Liferay DXP | =7.4-update_4 | |
Liferay DXP | =7.4-update_5 | |
Liferay DXP | =7.4-update_6 | |
Liferay DXP | =7.4-update_7 | |
Liferay DXP | =7.4-update_8 | |
Liferay DXP | =7.4-update_9 | |
Liferay Portal | >=7.3.3 <7.4.3.35 | |
The vulnerability ID for this Liferay Portal and DXP vulnerability is CVE-2022-39975.
The severity of CVE-2022-39975 is medium with a CVSS score of 4.3.
CVE-2022-39975 affects Liferay Portal versions 7.3.3 through 7.4.3.34 and Liferay DXP versions 7.3 before update 10 and 7.4 before update 35.
CVE-2022-39975 allows attackers to view unpublished "Content Page" pages in Liferay Portal and DXP via URL manipulation.
Updates and fixes are available for CVE-2022-39975. Refer to the official Liferay website for more information.