Description
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17448
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
Related Vulnerabilities
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle
CVE-2020-13942 Vulnerability in maven package org.apache.unomi:unomi-kar
CVE-2015-0254 Vulnerability in maven package org.apache.taglibs:taglibs-standard
CVE-2015-5207 Vulnerability in npm package cordova-ios
CVE-2022-36891 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework