Description
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
Remediation
References
http://liferay.com
https://issues.liferay.com/browse/LPE-17448
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
Related Vulnerabilities
CVE-2022-45391 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro
CVE-2021-21172 Vulnerability in npm package electron
CVE-2016-10366 Vulnerability in npm package kibana
CVE-2016-3102 Vulnerability in maven package org.jenkins-ci.plugins:script-security