medium
6.3
Advisory Published
Advisory Published
Updated

CVE-2022-45320

First published: Tue Feb 20 2024(Updated: )

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Liferay 7.4 GA<7.4.3.16
Liferay 7.4 GA<7.2 fix pack 19
Liferay 7.4 GA<7.3 update 6
Liferay 7.4 GA<7.4 update 16
maven/com.liferay.portal:release.portal.bom<7.4.3.16
7.4.3.16
Liferay DXP<7.2
Liferay DXP=7.2
Liferay DXP=7.2-fix_pack_1
Liferay DXP=7.2-fix_pack_10
Liferay DXP=7.2-fix_pack_11
Liferay DXP=7.2-fix_pack_12
Liferay DXP=7.2-fix_pack_13
Liferay DXP=7.2-fix_pack_14
Liferay DXP=7.2-fix_pack_15
Liferay DXP=7.2-fix_pack_16
Liferay DXP=7.2-fix_pack_17
Liferay DXP=7.2-fix_pack_18
Liferay DXP=7.2-fix_pack_2
Liferay DXP=7.2-fix_pack_3
Liferay DXP=7.2-fix_pack_4
Liferay DXP=7.2-fix_pack_5
Liferay DXP=7.2-fix_pack_6
Liferay DXP=7.2-fix_pack_7
Liferay DXP=7.2-fix_pack_8
Liferay DXP=7.2-fix_pack_9
Liferay DXP=7.2-service_pack_1
Liferay DXP=7.2-service_pack_2
Liferay DXP=7.2-service_pack_3
Liferay DXP=7.2-service_pack_4
Liferay DXP=7.2-service_pack_5
Liferay DXP=7.2-service_pack_6
Liferay DXP=7.2-service_pack_7
Liferay DXP=7.2-service_pack_8
Liferay DXP=7.3
Liferay DXP=7.3-fix_pack_1
Liferay DXP=7.3-fix_pack_2
Liferay DXP=7.3-service_pack_1
Liferay DXP=7.3-service_pack_3
Liferay DXP=7.3-update4
Liferay DXP=7.3-update5
Liferay DXP=7.4
Liferay DXP=7.4-update1
Liferay DXP=7.4-update10
Liferay DXP=7.4-update11
Liferay DXP=7.4-update12
Liferay DXP=7.4-update13
Liferay DXP=7.4-update14
Liferay DXP=7.4-update15
Liferay DXP=7.4-update2
Liferay DXP=7.4-update3
Liferay DXP=7.4-update4
Liferay DXP=7.4-update5
Liferay DXP=7.4-update6
Liferay DXP=7.4-update7
Liferay DXP=7.4-update8
Liferay DXP=7.4-update9
Liferay 7.4 GA<7.4.3.16
<7.2
=7.2
=7.2-fix_pack_1
=7.2-fix_pack_10
=7.2-fix_pack_11
=7.2-fix_pack_12
=7.2-fix_pack_13
=7.2-fix_pack_14
=7.2-fix_pack_15
=7.2-fix_pack_16
=7.2-fix_pack_17
=7.2-fix_pack_18
=7.2-fix_pack_2
=7.2-fix_pack_3
=7.2-fix_pack_4
=7.2-fix_pack_5
=7.2-fix_pack_6
=7.2-fix_pack_7
=7.2-fix_pack_8
=7.2-fix_pack_9
=7.2-service_pack_1
=7.2-service_pack_2
=7.2-service_pack_3
=7.2-service_pack_4
=7.2-service_pack_5
=7.2-service_pack_6
=7.2-service_pack_7
=7.2-service_pack_8
=7.3
=7.3-fix_pack_1
=7.3-fix_pack_2
=7.3-service_pack_1
=7.3-service_pack_3
=7.3-update4
=7.3-update5
=7.4
=7.4-update1
=7.4-update10
=7.4-update11
=7.4-update12
=7.4-update13
=7.4-update14
=7.4-update15
=7.4-update2
=7.4-update3
=7.4-update4
=7.4-update5
=7.4-update6
=7.4-update7
=7.4-update8
=7.4-update9
<7.4.3.16

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2022-45320?

    CVE-2022-45320 is a medium severity vulnerability that allows remote authenticated users to gain ownership of wiki pages.

  • How do I fix CVE-2022-45320?

    To remediate CVE-2022-45320, upgrade Liferay Portal to version 7.4.3.16 or Liferay DXP to the appropriate patched version.

  • Which versions are affected by CVE-2022-45320?

    CVE-2022-45320 affects Liferay Portal versions prior to 7.4.3.16 and Liferay DXP versions before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16.

  • What impact does CVE-2022-45320 have on user data?

    CVE-2022-45320 can lead to unauthorized modifications by allowing users to claim ownership of other users' wiki pages.

  • Is there a workaround for CVE-2022-45320?

    There are no recommended workarounds for CVE-2022-45320; patching the software is the advised course of action.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203