CVE-2022-28981Path Traversal in Portal

CWE-22Path Traversal4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 50.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Liferay Portal
Timeline
PublishedSep 22
Latest updateSep 23

Description

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDliferay/liferay_portal7.4.07.4.2

🔴Vulnerability Details

3
GHSA
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module2022-09-23
OSV
Liferay Portal Path Traversal Vulnerability via the Hypermedia REST APIs Module2022-09-23
CVEList
CVE-2022-28981: Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 72022-09-22
CVE-2022-28981 — Path Traversal in Liferay Portal | cvebase