Security Advisory

CVE-2022-42129

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-15 00:00:00

Last updated 2025-04-30 18:27:49

Assigner mitre

State PUBLISHED

Description

An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.

← Browse all CVEs View on cve.org ↗