Vulnerability Description
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Digital Experience Platform | 7.4 |
| Liferay | Liferay Portal | >= 7.4.1, < 7.4.3.5 |
Related Weaknesses (CWE)
References
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17595Vendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
- http://liferay.comVendor Advisory
- https://issues.liferay.com/browse/LPE-17595Vendor Advisory
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisheVendor Advisory
FAQ
What is CVE-2022-42128?
CVE-2022-42128 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the W...
How severe is CVE-2022-42128?
CVE-2022-42128 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-42128?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Digital Experience Platform, Liferay Liferay Portal.