CVE-2022-39975

CVSS v3.1 4.3 (Medium)

EPSS 0.05 % (24^th)

Affected Products 2

Advisories 1

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-09-22 00:15:10
(2 years ago)
Updated Date: 2022-09-23 18:17:27
(2 years ago)

Affected Products

Liferay

Configuration #1

	CPE23	From	Up To
Liferay Dxp 7.3	cpe:2.3:a:liferay:dxp:7.3:-
Liferay Dxp 7.3 Update 1	cpe:2.3:a:liferay:dxp:7.3:update_1
Liferay Dxp 7.3 Update 2	cpe:2.3:a:liferay:dxp:7.3:update_2
Liferay Dxp 7.3 Update 3	cpe:2.3:a:liferay:dxp:7.3:update_3
Liferay Dxp 7.3 Update 4	cpe:2.3:a:liferay:dxp:7.3:update_4
Liferay Dxp 7.3 Update 5	cpe:2.3:a:liferay:dxp:7.3:update_5
Liferay Dxp 7.3 Update 6	cpe:2.3:a:liferay:dxp:7.3:update_6
Liferay Dxp 7.3 Update 7	cpe:2.3:a:liferay:dxp:7.3:update_7
Liferay Dxp 7.3 Update 8	cpe:2.3:a:liferay:dxp:7.3:update_8
Liferay Dxp 7.3 Update 9	cpe:2.3:a:liferay:dxp:7.3:update_9
Liferay Dxp 7.4 Update 1	cpe:2.3:a:liferay:dxp:7.4:update_1
Liferay Dxp 7.4 Update 10	cpe:2.3:a:liferay:dxp:7.4:update_10
Liferay Dxp 7.4 Update 11	cpe:2.3:a:liferay:dxp:7.4:update_11
Liferay Dxp 7.4 Update 12	cpe:2.3:a:liferay:dxp:7.4:update_12
Liferay Dxp 7.4 Update 13	cpe:2.3:a:liferay:dxp:7.4:update_13
Liferay Dxp 7.4 Update 14	cpe:2.3:a:liferay:dxp:7.4:update_14
Liferay Dxp 7.4 Update 15	cpe:2.3:a:liferay:dxp:7.4:update_15
Liferay Dxp 7.4 Update 16	cpe:2.3:a:liferay:dxp:7.4:update_16
Liferay Dxp 7.4 Update 17	cpe:2.3:a:liferay:dxp:7.4:update_17
Liferay Dxp 7.4 Update 18	cpe:2.3:a:liferay:dxp:7.4:update_18
Liferay Dxp 7.4 Update 19	cpe:2.3:a:liferay:dxp:7.4:update_19
Liferay Dxp 7.4 Update 2	cpe:2.3:a:liferay:dxp:7.4:update_2
Liferay Dxp 7.4 Update 20	cpe:2.3:a:liferay:dxp:7.4:update_20
Liferay Dxp 7.4 Update 21	cpe:2.3:a:liferay:dxp:7.4:update_21
Liferay Dxp 7.4 Update 22	cpe:2.3:a:liferay:dxp:7.4:update_22
Liferay Dxp 7.4 Update 23	cpe:2.3:a:liferay:dxp:7.4:update_23
Liferay Dxp 7.4 Update 24	cpe:2.3:a:liferay:dxp:7.4:update_24
Liferay Dxp 7.4 Update 25	cpe:2.3:a:liferay:dxp:7.4:update_25
Liferay Dxp 7.4 Update 26	cpe:2.3:a:liferay:dxp:7.4:update_26
Liferay Dxp 7.4 Update 27	cpe:2.3:a:liferay:dxp:7.4:update_27
Liferay Dxp 7.4 Update 28	cpe:2.3:a:liferay:dxp:7.4:update_28
Liferay Dxp 7.4 Update 29	cpe:2.3:a:liferay:dxp:7.4:update_29
Liferay Dxp 7.4 Update 3	cpe:2.3:a:liferay:dxp:7.4:update_3
Liferay Dxp 7.4 Update 30	cpe:2.3:a:liferay:dxp:7.4:update_30
Liferay Dxp 7.4 Update 31	cpe:2.3:a:liferay:dxp:7.4:update_31
Liferay Dxp 7.4 Update 32	cpe:2.3:a:liferay:dxp:7.4:update_32
Liferay Dxp 7.4 Update 33	cpe:2.3:a:liferay:dxp:7.4:update_33
Liferay Dxp 7.4 Update 34	cpe:2.3:a:liferay:dxp:7.4:update_34
Liferay Dxp 7.4 Update 4	cpe:2.3:a:liferay:dxp:7.4:update_4
Liferay Dxp 7.4 Update 5	cpe:2.3:a:liferay:dxp:7.4:update_5
Liferay Dxp 7.4 Update 6	cpe:2.3:a:liferay:dxp:7.4:update_6
Liferay Dxp 7.4 Update 7	cpe:2.3:a:liferay:dxp:7.4:update_7
Liferay Dxp 7.4 Update 8	cpe:2.3:a:liferay:dxp:7.4:update_8
Liferay Dxp 7.4 Update 9	cpe:2.3:a:liferay:dxp:7.4:update_9
Liferay Portal from 7.3.3 version and prior 7.4.3.35 version	cpe:2.3:a:liferay:liferay_portal	>= 7.3.3	< 7.4.3.35