Vulnerabilities > CVE-2022-38512 - Missing Authorization vulnerability in Liferay DXP and Liferay Portal

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

liferay

CWE-862

NVD

Published: 2022-09-22

Updated: 2023-08-08

Summary

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay Liferay Portal 7.4.3.12 Liferay Liferay Portal 7.4.3.13 Liferay Liferay Portal 7.4.3.14 Liferay Liferay Portal 7.4.3.15 Liferay Liferay Portal 7.4.3.16 Liferay Liferay Portal 7.4.3.17 Liferay Liferay Portal 7.4.3.18 Liferay Liferay Portal 7.4.3.19 Liferay Liferay Portal 7.4.3.20 Liferay Liferay Portal 7.4.3.21 Liferay Liferay Portal 7.4.3.22 Liferay Liferay Portal 7.4.3.23 Liferay Liferay Portal 7.4.3.24 Liferay Liferay Portal 7.4.3.25 Liferay Liferay Portal 7.4.3.26 Liferay Liferay Portal 7.4.3.27 Liferay Liferay Portal 7.4.3.28 Liferay Liferay Portal 7.4.3.29 Liferay Liferay Portal 7.4.3.30 Liferay Liferay Portal 7.4.3.31 Liferay Liferay Portal 7.4.3.32 Liferay Liferay Portal 7.4.3.33 Liferay Liferay Portal 7.4.3.34 Liferay Liferay Portal 7.4.3.35 Liferay Liferay Portal 7.4.3.36 Liferay DXP 7.4	55

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References