Vulnerabilities > CVE-2022-42124 - Unspecified vulnerability in Liferay Digital Experience Platform and Liferay Portal

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

liferay

NVD

Published: 2022-11-15

Updated: 2023-08-08

Summary

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

Vulnerable Configurations

Part	Description	Count
Application	Liferay Liferay Digital Experience Platform 7.2 Liferay Digital Experience Platform 7.3 Liferay Digital Experience Platform 7.4 Liferay Liferay Portal 7.3.2 Liferay Liferay Portal 7.3.3 Liferay Liferay Portal 7.3.4 Liferay Liferay Portal 7.3.5 Liferay Liferay Portal 7.3.6 Liferay Liferay Portal 7.3.7 Liferay Liferay Portal 7.4.0 Liferay Liferay Portal 7.4.1 Liferay Liferay Portal 7.4.2 Liferay Liferay Portal 7.4.3.4	25

Summary

Vulnerable Configurations

References