← Back

CVE-2022-39975

nvd nist
Published: Sep 22, 2022Modified: May 27, 2025

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

Affected (45)

Liferay
2 products
Dxp
Liferay Portal
Configuration A
45 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Dxp
Version 7.3
Dxp
Version 7.3 update_1
Dxp
Version 7.3 update_2
Dxp
Version 7.3 update_3
Dxp
Version 7.3 update_4
Dxp
Version 7.3 update_5
Dxp
Version 7.3 update_6
Dxp
Version 7.3 update_7
Dxp
Version 7.3 update_8
Dxp
Version 7.3 update_9
Dxp
Version 7.4 update_10
Dxp
Version 7.4 update_11
Dxp
Version 7.4 update_12
Dxp
Version 7.4 update_13
Dxp
Version 7.4 update_14
Dxp
Version 7.4 update_15
Dxp
Version 7.4 update_16
Dxp
Version 7.4 update_17
Dxp
Version 7.4 update_18
Dxp
Version 7.4 update_19
Dxp
Version 7.4 update_1
Dxp
Version 7.4 update_20
Dxp
Version 7.4 update_21
Dxp
Version 7.4 update_22
Dxp
Version 7.4 update_23
Dxp
Version 7.4 update_24
Dxp
Version 7.4 update_25
Dxp
Version 7.4 update_26
Dxp
Version 7.4 update_27
Dxp
Version 7.4 update_28
Dxp
Version 7.4 update_29
Dxp
Version 7.4 update_2
Dxp
Version 7.4 update_30
Dxp
Version 7.4 update_31
Dxp
Version 7.4 update_32
Dxp
Version 7.4 update_33
Dxp
Version 7.4 update_34
Dxp
Version 7.4 update_3
Dxp
Version 7.4 update_4
Dxp
Version 7.4 update_5
Dxp
Version 7.4 update_6
Dxp
Version 7.4 update_7
Dxp
Version 7.4 update_8
Dxp
Version 7.4 update_9
Liferay Portal
From 7.3.3 to 7.4.3.35

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cve@mitre.org
Product
Source: cve@mitre.org
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Product
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory

Timeline

No history available yet.