SecBoard
Zurück zur CVE-Übersicht

CVE-2022-42129

MEDIUM(4.3)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Risk Signal Score11/100 — NIEDRIG
  • CVSS 4.3 — Mittel

EPSS-Score

1%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

4.3

Technische Schwere

Beschreibung

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.

Referenzen