CVE-2022-42131 com.liferay.portal:release.portal.bom

Package

Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=7.1.0 <7.4.3.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00139 (percentile: 0.3453)

Details

Improper Certificate Validation in Liferay Portal

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.

Metadata

Created: 2022-11-15T12:00:16Z
Modified: 2022-11-21T23:50:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-cx84-43xc-3gm2/GHSA-cx84-43xc-3gm2.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-cx84-43xc-3gm2
Finding: F163
Auto approve: 1