CVE-2022-38512 - CERT CVE
ID CVE-2022-38512
Sažetak The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.
Reference
CVSS
Base: 6.5
Impact: 3.6
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Zadnje važnije ažuriranje 09-07-2026 - 01:17
Objavljeno 22-09-2022 - 01:15