CVE-2022-38512
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/09/2022
Last modified:
27/05/2025
Description
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:* | ||
| cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page