← Back to CVEs
CVE-2022-42131
MEDIUM4.8
Description
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3.
CVE Details
CVSS v3.1 Score4.8
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredNONE
User InteractionNONE
Published11/15/2022
Last Modified4/30/2025
Sourcenvd
Honeypot Sightings0
Affected Products
liferay:digital_experience_platformliferay:liferay_portal
Weaknesses (CWE)
CWE-295CWE-295
References
http://liferay.com(cve@mitre.org)
https://issues.liferay.com/browse/LPE-17377(cve@mitre.org)
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131(cve@mitre.org)
http://liferay.com(af854a3a-2127-422b-91ae-364da2661108)
https://issues.liferay.com/browse/LPE-17377(af854a3a-2127-422b-91ae-364da2661108)
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42131(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.