Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-42132 - Vulnerability Database
Liferay DXP

Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability - CVE-2022-42132

Medium
Reference: CVE-2022-42132
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-42132
Title: Liferay DXP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Overview:

The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4 and Liferay DXP 7.0 fix pack 102 and earlier 7.1 before fix pack 27 7.2 before fix pack 17 7.3 before update 4 and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential.