PT-2024-11698 · Liferay · Liferay Portal+1
Asaf Guterman
·
Published
2024-02-19
·
Updated
2025-03-28
·
CVE-2022-45320
CVSS v3.1
6.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Liferay Portal versions prior to 7.4.3.16
Liferay DXP versions prior to 7.2 fix pack 19
Liferay DXP version 7.3 before update 6
Liferay DXP version 7.4 before update 16
Description
The issue allows remote authenticated users to become the owner of a wiki page by editing the wiki page.
Recommendations
For Liferay Portal version prior to 7.4.3.16, update to version 7.4.3.16 or later.
For Liferay DXP version prior to 7.2 fix pack 19, update to 7.2 fix pack 19 or later.
For Liferay DXP version 7.3 before update 6, apply update 6 or later.
For Liferay DXP version 7.4 before update 16, apply update 16 or later.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Liferay Dxp
Liferay Portal