Description
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Published: 2022-09-22
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-33412 Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
Github GHSA Github GHSA GHSA-5j86-vmpx-42pc Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module
History

Tue, 27 May 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Liferay Liferay Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-05-27T17:49:21.152Z

Reserved: 2022-04-11T00:00:00.000Z

Link: CVE-2022-28981

cve-icon Vulnrichment

Updated: 2024-08-03T06:10:57.779Z

cve-icon NVD

Status : Modified

Published: 2022-09-22T01:15:11.820

Modified: 2025-05-27T18:15:28.343

Link: CVE-2022-28981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses