CVE-2022-42131

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.1.0 through 7.4.2 Liferay DXP versions 7.1 before fix pack 27 Liferay DXP versions 7.2 before fix pack 17 Liferay DXP versions 7.3 before service pack 3

Description The issue is related to missing SSL certificate validation in the Dynamic Data Mapping module's REST data providers. This could potentially allow for man-in-the-middle attacks or other security breaches due to the lack of proper validation of SSL certificates.

Recommendations For Liferay Portal versions 7.1.0 through 7.4.2, update to a version that includes the fix for the missing SSL certificate validation issue. For Liferay DXP version 7.1, apply fix pack 27 or later to resolve the issue. For Liferay DXP version 7.2, apply fix pack 17 or later to resolve the issue. For Liferay DXP version 7.3, apply service pack 3 or later to resolve the issue. As a temporary workaround, consider disabling the REST data providers in the Dynamic Data Mapping module until a patch is available.