PT-2022-19341 · Liferay · Liferay Portal

Published 2022-09-22 · Updated 2022-09-23 · CVE-2022-28981

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.4.0 through 7.4.2

Description

A path traversal issue in the Hypermedia REST APIs module allows remote attackers to access files outside of the intended directory via the parameter parameter. This could potentially lead to unauthorized access to sensitive information.

Recommendations

For Liferay Portal versions 7.4.0 through 7.4.2, consider restricting access to the Hypermedia REST APIs module until a patch is available. As a temporary workaround, avoid using the parameter parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-28981
GHSA-5J86-VMPX-42PC

Affected Products

Liferay Portal