Description
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2022-7341 | An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. |
Github GHSA |
GHSA-g6x4-57hp-j4xm | Authorization Bypass in Liferay Portal |
References
History
Wed, 30 Apr 2025 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-04T23:29:42.968Z
Reserved: 2022-10-03T00:00:00.000Z
Link: CVE-2022-42129
Updated: 2024-08-03T13:03:45.442Z
Status : Modified
Published: 2022-11-15T02:15:11.590
Modified: 2026-06-17T05:04:24.930
Link: CVE-2022-42129
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-639
Authorization Bypass Through User-Controlled Key
EUVD
Github GHSA