SecBoard
Zurück zur CVE-Übersicht

CVE-2022-42128

MEDIUM(5.3)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Risk Signal Score13/100 — NIEDRIG
  • CVSS 5.3 — Mittel

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

5.3

Technische Schwere

Beschreibung

The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote attackers to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.

Referenzen