{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-42129","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-04-30T18:27:49.397Z","dateReserved":"2022-10-03T00:00:00.000Z","datePublished":"2022-11-15T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2022-11-15T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"http://liferay.com"},{"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129"},{"url":"https://issues.liferay.com/browse/LPE-17448"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T13:03:45.442Z"},"title":"CVE Program Container","references":[{"url":"http://liferay.com","tags":["x_transferred"]},{"url":"https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129","tags":["x_transferred"]},{"url":"https://issues.liferay.com/browse/LPE-17448","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-639","lang":"en","description":"CWE-639 Authorization Bypass Through User-Controlled Key"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-04-30T18:27:45.755450Z","id":"CVE-2022-42129","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-04-30T18:27:49.397Z"}}]}}