CVE Vulnerability

CVE-2022-42126

The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.

4.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42126 Vendor Advisory
https://issues.liferay.com/browse/LPE-17593 Vendor Advisory
http://liferay.com Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
Information

Published : 2022-11-15 01:15

Updated : 2022-11-18 04:55

NVD link : CVE-2022-42126

Mitre link : CVE-2022-42126

Products Affected
No products.
CWE
NVD-CWE-noinfo