First published: Tue Nov 15 2022(Updated: )
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | =7.4 | |
Liferay Liferay Portal | >=7.4.1<7.4.3.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-42128 is medium with a severity value of 5.3.
CVE-2022-42128 affects Liferay Digital Experience Platform version 7.4.
CVE-2022-42128 affects Liferay Portal versions 7.4.1 through 7.4.3.4.
CVE-2022-42128 is a vulnerability in the Hypermedia REST APIs module in Liferay Portal and Liferay DXP that allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Yes, you can find references for CVE-2022-42128 on the Liferay website, the Liferay issue tracker, and the Liferay security vulnerabilities page.