CVE-2022-45320

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
mitreCNA
---
---
CISA-ADPADP
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
liferaydigital_experience_platform
𝑥
< 7.2
liferaydigital_experience_platform
7.2
liferaydigital_experience_platform
7.2:fix_pack_1
liferaydigital_experience_platform
7.2:fix_pack_10
liferaydigital_experience_platform
7.2:fix_pack_11
liferaydigital_experience_platform
7.2:fix_pack_12
liferaydigital_experience_platform
7.2:fix_pack_13
liferaydigital_experience_platform
7.2:fix_pack_14
liferaydigital_experience_platform
7.2:fix_pack_15
liferaydigital_experience_platform
7.2:fix_pack_16
liferaydigital_experience_platform
7.2:fix_pack_17
liferaydigital_experience_platform
7.2:fix_pack_18
liferaydigital_experience_platform
7.2:fix_pack_2
liferaydigital_experience_platform
7.2:fix_pack_3
liferaydigital_experience_platform
7.2:fix_pack_4
liferaydigital_experience_platform
7.2:fix_pack_5
liferaydigital_experience_platform
7.2:fix_pack_6
liferaydigital_experience_platform
7.2:fix_pack_7
liferaydigital_experience_platform
7.2:fix_pack_8
liferaydigital_experience_platform
7.2:fix_pack_9
liferaydigital_experience_platform
7.2:service_pack_1
liferaydigital_experience_platform
7.2:service_pack_2
liferaydigital_experience_platform
7.2:service_pack_3
liferaydigital_experience_platform
7.2:service_pack_4
liferaydigital_experience_platform
7.2:service_pack_5
liferaydigital_experience_platform
7.2:service_pack_6
liferaydigital_experience_platform
7.2:service_pack_7
liferaydigital_experience_platform
7.2:service_pack_8
liferaydigital_experience_platform
7.3
liferaydigital_experience_platform
7.3:fix_pack_1
liferaydigital_experience_platform
7.3:fix_pack_2
liferaydigital_experience_platform
7.3:service_pack_1
liferaydigital_experience_platform
7.3:service_pack_3
liferaydigital_experience_platform
7.3:update4
liferaydigital_experience_platform
7.3:update5
liferaydigital_experience_platform
7.4
liferaydigital_experience_platform
7.4:update1
liferaydigital_experience_platform
7.4:update10
liferaydigital_experience_platform
7.4:update11
liferaydigital_experience_platform
7.4:update12
liferaydigital_experience_platform
7.4:update13
liferaydigital_experience_platform
7.4:update14
liferaydigital_experience_platform
7.4:update15
liferaydigital_experience_platform
7.4:update2
liferaydigital_experience_platform
7.4:update3
liferaydigital_experience_platform
7.4:update4
liferaydigital_experience_platform
7.4:update5
liferaydigital_experience_platform
7.4:update6
liferaydigital_experience_platform
7.4:update7
liferaydigital_experience_platform
7.4:update8
liferaydigital_experience_platform
7.4:update9
liferayliferay_portal
𝑥
< 7.4.3.16
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2022-45320