CVE Vulnerability

CVE-2022-39975

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://liferay.com Product
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-39975 Patch Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_1:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_2:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_4:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_5:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_6:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_7:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_25:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_26:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_27:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_28:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_29:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_30:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_31:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_32:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_33:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.4:update_34:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_4:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_5:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_6:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_7:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_8:*:*:*:*:*:*
cpe:2.3:a:liferay:dxp:7.3:update_9:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
Information

Published : 2022-09-22 12:15

Updated : 2022-09-23 06:17

NVD link : CVE-2022-39975

Mitre link : CVE-2022-39975

Products Affected
No products.
CWE
CWE-862