CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42124

ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote attackers to consume an excessive amount of server resources via a crafted payload injected into the 'name' field of a layout prototype.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 62.2%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2022-42124

Liferay » Digital Experience Platform » Version: 7.2

cpe:2.3:a:liferay:digital_experience_platform:7.2
Liferay » Digital Experience Platform » Version: 7.3

cpe:2.3:a:liferay:digital_experience_platform:7.3
Liferay » Digital Experience Platform » Version: 7.4

cpe:2.3:a:liferay:digital_experience_platform:7.4
Liferay » Liferay Portal » Version: 7.3.2

cpe:2.3:a:liferay:liferay_portal:7.3.2
Liferay » Liferay Portal » Version: 7.3.3

cpe:2.3:a:liferay:liferay_portal:7.3.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5
Liferay » Liferay Portal » Version: 7.3.6

cpe:2.3:a:liferay:liferay_portal:7.3.6
Liferay » Liferay Portal » Version: 7.3.7

cpe:2.3:a:liferay:liferay_portal:7.3.7
Liferay » Liferay Portal » Version: 7.4.0

cpe:2.3:a:liferay:liferay_portal:7.4.0
Liferay » Liferay Portal » Version: 7.4.1

cpe:2.3:a:liferay:liferay_portal:7.4.1
Liferay » Liferay Portal » Version: 7.4.2

cpe:2.3:a:liferay:liferay_portal:7.4.2
Liferay » Liferay Portal » Version: 7.4.3.4

cpe:2.3:a:liferay:liferay_portal:7.4.3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42124

Products

Pricing

Contact Us