{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42132", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-04-30T14:18:27.784Z", "dateReserved": "2022-10-03T00:00:00.000Z", "datePublished": "2022-11-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-15T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://liferay.com"}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"}, {"url": "https://issues.liferay.com/browse/LPE-17438"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.198Z"}, "title": "CVE Program Container", "references": [{"url": "http://liferay.com", "tags": ["x_transferred"]}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132", "tags": ["x_transferred"]}, {"url": "https://issues.liferay.com/browse/LPE-17438", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T14:17:39.915258Z", "id": "CVE-2022-42132", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T14:18:27.784Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://liferay.com", "tags": ["x_transferred"]}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132", "tags": ["x_transferred"]}, {"url": "https://issues.liferay.com/browse/LPE-17438", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:03:45.198Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42132", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-30T14:17:39.915258Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T14:18:08.304Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://liferay.com"}, {"url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"}, {"url": "https://issues.liferay.com/browse/LPE-17438"}], "descriptions": [{"lang": "en", "value": "The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-11-15T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42132", "state": "PUBLISHED", "dateUpdated": "2025-04-30T14:18:27.784Z", "dateReserved": "2022-10-03T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-11-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:-:*:*:*:*:*:*", "matchCriteriaId": "4614C87F-F39C-4ADD-A7A2-4A498612AD38", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "6F20D93D-7FB2-4D5F-9249-4DECDE473C42", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_10:*:*:*:*:*:*", "matchCriteriaId": "CF0821E5-B6E5-44E6-9CF7-77EAE982F677", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_100:*:*:*:*:*:*", "matchCriteriaId": "8C9B7CF8-5553-47B6-BB57-0429D78AE301", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_11:*:*:*:*:*:*", "matchCriteriaId": "1B24B6A1-8439-49D6-8E78-193144F3DCC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_12:*:*:*:*:*:*", "matchCriteriaId": "7E82A6CC-891C-4619-84EA-0DA96E4043C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_13:*:*:*:*:*:*", "matchCriteriaId": "70E12054-0DEE-4B92-B8F6-7DC4B2461113", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_14:*:*:*:*:*:*", "matchCriteriaId": "3B566A51-3EFC-4A08-8A4F-A9AA43FBE481", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_15:*:*:*:*:*:*", "matchCriteriaId": "FE1A8781-6B16-4D37-B556-36B99CBCA9F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_16:*:*:*:*:*:*", "matchCriteriaId": "3EE11B43-1629-4A22-BE88-0AFB2DFC528C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_17:*:*:*:*:*:*", "matchCriteriaId": "10FC6F33-C031-40A4-AFAF-B5CF30F79E52", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_18:*:*:*:*:*:*", "matchCriteriaId": "99B99578-CACE-47D2-9C1E-A7BBD2B6F6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_19:*:*:*:*:*:*", "matchCriteriaId": "950D98A8-88EE-4C99-817B-C418071B2819", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "F86FF50F-B21A-4B6E-88B8-90D0C042E942", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_20:*:*:*:*:*:*", "matchCriteriaId": "CE0E1891-6E76-4069-B412-43B5E5379E0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_21:*:*:*:*:*:*", "matchCriteriaId": "404F5FFE-2758-452F-9297-40E0533C6FB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_22:*:*:*:*:*:*", "matchCriteriaId": "3F5B7E72-8D62-464A-AA82-CBE2625C7687", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_23:*:*:*:*:*:*", "matchCriteriaId": "4FA67C68-3E8E-4383-967F-A1FA55AE4897", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_24:*:*:*:*:*:*", "matchCriteriaId": "F220793A-FDAC-48C6-B299-39EB3BC077A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_25:*:*:*:*:*:*", "matchCriteriaId": "F095A9E1-5FE1-46C4-B0E1-97F8767439D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_26:*:*:*:*:*:*", "matchCriteriaId": "DFD748DD-6FDB-44CD-96BF-026D18CE4207", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_27:*:*:*:*:*:*", "matchCriteriaId": "0A34F2EA-D0F7-4C9B-BFE6-DA334DFD0EDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_28:*:*:*:*:*:*", "matchCriteriaId": "4B3C2426-7617-4535-B86A-7F9BA45DFD0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_29:*:*:*:*:*:*", "matchCriteriaId": "88A5CBCE-2BAE-44C7-A7BF-BC30C89839BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "CA6B2500-42E4-4F87-8B93-2F7399B4F611", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_30:*:*:*:*:*:*", "matchCriteriaId": "28955834-8E02-4558-ABD3-4958DBB41423", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_31:*:*:*:*:*:*", "matchCriteriaId": "89B4F926-5018-4C50-9569-A92BEA6364A0", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_32:*:*:*:*:*:*", "matchCriteriaId": "863C4DBB-9BA2-4A13-8394-08AC500D552A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_33:*:*:*:*:*:*", "matchCriteriaId": "C4206C84-C4BD-4363-A4CA-EE229CE06319", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_34:*:*:*:*:*:*", "matchCriteriaId": "54CA9915-54C2-4E7F-85AF-781CA0A63A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_35:*:*:*:*:*:*", "matchCriteriaId": "4F644864-1056-4A0C-ADD7-A1992A0AC07D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_36:*:*:*:*:*:*", "matchCriteriaId": "91E9BAE9-CD40-4353-95DB-7D9ADC338F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_37:*:*:*:*:*:*", "matchCriteriaId": "C2A29CA0-66CB-4ED9-87B3-57A1C04F59F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_38:*:*:*:*:*:*", "matchCriteriaId": "2BFC882E-25C2-46A3-A0DA-A779399A3A30", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_39:*:*:*:*:*:*", "matchCriteriaId": "661E68A2-B365-4962-87CF-CE17A500889F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "D4094372-E950-4DE0-86D2-CE7F214FD3A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_40:*:*:*:*:*:*", "matchCriteriaId": "A5D28279-002A-4BC7-9396-E47FC842D7AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_41:*:*:*:*:*:*", "matchCriteriaId": "C700ED72-4626-48A0-B1BB-E0A7C12D454F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_42:*:*:*:*:*:*", "matchCriteriaId": "8F473DF1-F70D-4EDB-A011-C8D1C6A21659", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_43:*:*:*:*:*:*", "matchCriteriaId": "C2351EAC-F6AD-4611-B9BD-39C4DFE85B5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_44:*:*:*:*:*:*", "matchCriteriaId": "357845C1-3834-465A-B9CA-F9C604AA8242", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_45:*:*:*:*:*:*", "matchCriteriaId": "DD35964D-4156-45B8-A0AB-282DA9F4FA47", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_46:*:*:*:*:*:*", "matchCriteriaId": "35656567-EF24-4948-A72A-C754D6E419B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_47:*:*:*:*:*:*", "matchCriteriaId": "E9A3D95D-4539-432D-B241-376F312534AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_48:*:*:*:*:*:*", "matchCriteriaId": "81F329F1-5BB1-42A7-98CE-B0EB5819D60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_49:*:*:*:*:*:*", "matchCriteriaId": "5B7111FA-9FD7-4952-AFE1-07D3E14854F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "D35916F1-24AA-4BF3-8B1F-2361C5B815D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_50:*:*:*:*:*:*", "matchCriteriaId": "2C7A080F-9C99-41A0-BC63-EBDDC0DF7B8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_51:*:*:*:*:*:*", "matchCriteriaId": "0383C4C4-A7BB-418D-9A98-AC4233722961", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_52:*:*:*:*:*:*", "matchCriteriaId": "AA281A20-7599-446B-9587-118E920403D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_53:*:*:*:*:*:*", "matchCriteriaId": "9514E8F5-1D0B-4CDF-BD03-087326F6C252", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_54:*:*:*:*:*:*", "matchCriteriaId": "78BC7D6C-2A10-4F78-9C41-EA97665C246E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_55:*:*:*:*:*:*", "matchCriteriaId": "B2C29B11-D87B-4D78-9D42-AD528C811080", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_56:*:*:*:*:*:*", "matchCriteriaId": "CA9BE427-78D7-4DEE-A174-F3E3675B44A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_57:*:*:*:*:*:*", "matchCriteriaId": "6C10325C-8670-499B-B003-7D8634539C5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_58:*:*:*:*:*:*", "matchCriteriaId": "5F692BEB-5CB1-41EA-B715-64AB0036F6CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_59:*:*:*:*:*:*", "matchCriteriaId": "427C4DF5-9039-4CB5-B600-5F965E20D945", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "EDEE4B40-889C-472E-AA91-7E1B4314EE64", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_60:*:*:*:*:*:*", "matchCriteriaId": "44B7A2A2-5764-4EDB-AA44-25F8508CF128", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_61:*:*:*:*:*:*", "matchCriteriaId": "55D94917-5360-4179-A017-1287C63A6E6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_62:*:*:*:*:*:*", "matchCriteriaId": "52C5C76D-2572-4ADF-B7E4-7B3444935658", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_63:*:*:*:*:*:*", "matchCriteriaId": "9ABFC91A-7A8D-4A08-9464-F534BAA69B4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_64:*:*:*:*:*:*", "matchCriteriaId": "1D378A23-113D-47AC-9CB5-2658C357FFB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_65:*:*:*:*:*:*", "matchCriteriaId": "58FB119E-508C-45F7-8AD8-B67AAAEA53D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_66:*:*:*:*:*:*", "matchCriteriaId": "8B3359A5-D39B-4322-8963-B138D791D232", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_67:*:*:*:*:*:*", "matchCriteriaId": "E11E2FBD-7541-4CE3-8A78-52FB82571547", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_68:*:*:*:*:*:*", "matchCriteriaId": "3883F470-8D8D-4CB3-BF4A-0C401BDABC83", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_69:*:*:*:*:*:*", "matchCriteriaId": "1BDCF010-04BF-4FA5-9E14-F6461FED3FFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "3867FDAA-354E-4D2F-A260-27F31CA44C8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_70:*:*:*:*:*:*", "matchCriteriaId": "7E8CEA39-4A7F-4827-91FA-31119201D174", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_71:*:*:*:*:*:*", "matchCriteriaId": "D3768AC9-A245-4B81-8D1D-9D9C5354245C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_72:*:*:*:*:*:*", "matchCriteriaId": "71CA65C9-C0FC-4CBD-A8B0-DD72604A46F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_73:*:*:*:*:*:*", "matchCriteriaId": "9F06DECA-F45D-49DA-BB24-AA1F0306B0B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_74:*:*:*:*:*:*", "matchCriteriaId": "3BA69ED9-28FA-40B5-84F9-0FFE40DFC675", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_75:*:*:*:*:*:*", "matchCriteriaId": "6FF2D31F-8719-41A6-ADD5-15BE9409428E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_76:*:*:*:*:*:*", "matchCriteriaId": "DE56F5E5-73CF-4636-9F98-86BDDA3F6A47", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_77:*:*:*:*:*:*", "matchCriteriaId": "CE4885B1-F912-4D06-8179-830FC011F3F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_78:*:*:*:*:*:*", "matchCriteriaId": "A1A0EFCE-4B74-4B4D-AB6E-5730F26B38FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_79:*:*:*:*:*:*", "matchCriteriaId": "F02DCC86-C3F7-482C-9BFB-B7971FB10AEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "A89B7EE4-57FD-4B09-841A-ABC9990FF88F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_80:*:*:*:*:*:*", "matchCriteriaId": "06835B0A-A2DF-44D3-A38F-59E5D5523FFA", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_81:*:*:*:*:*:*", "matchCriteriaId": "B746D0CF-76F6-42A1-9056-CA9622DCD806", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_82:*:*:*:*:*:*", "matchCriteriaId": "FFC33A7E-B1CB-4E83-B75C-71F5E7E5E406", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_83:*:*:*:*:*:*", "matchCriteriaId": "325CFFCF-1609-4D89-B6A8-1C6ACBFDD35B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_84:*:*:*:*:*:*", "matchCriteriaId": "BD019A57-FC7A-4B1F-9946-FA15C90FC985", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_85:*:*:*:*:*:*", "matchCriteriaId": "A6B2CD3A-C39C-4F9A-8602-3EC75472181D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_86:*:*:*:*:*:*", "matchCriteriaId": "1B8DCD85-0E47-44C1-B7DD-E1B4756CEC17", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_87:*:*:*:*:*:*", "matchCriteriaId": "1790D974-2EE0-4405-8F26-BB6DB3BDA23B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_88:*:*:*:*:*:*", "matchCriteriaId": "416B3F04-AD86-4F91-890E-56BA539AAB06", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_89:*:*:*:*:*:*", "matchCriteriaId": "C12C0E4D-4E9A-4BD7-926E-74BCD42595B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "655A3A6A-A3EB-4864-B64D-2319E5CF7DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_90:*:*:*:*:*:*", "matchCriteriaId": "9A659FEF-1BC1-45E8-A01E-1F9A8F2AFAAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_91:*:*:*:*:*:*", "matchCriteriaId": "3810319D-7DC4-47DD-B568-B0504DBC8209", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_92:*:*:*:*:*:*", "matchCriteriaId": "D9BFFFC0-912A-4F95-A08E-1D264135D1E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_93:*:*:*:*:*:*", "matchCriteriaId": "9EA924E7-DEF2-45BF-B435-C435AC20AF4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_94:*:*:*:*:*:*", "matchCriteriaId": "E6809C30-9A81-45E6-92E9-01D54880EFEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_95:*:*:*:*:*:*", "matchCriteriaId": "C194ACCD-CB7E-4DFC-ABB5-7CCEFD83E11B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_96:*:*:*:*:*:*", "matchCriteriaId": "69856C3C-2ACB-4718-821C-793118094985", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_97:*:*:*:*:*:*", "matchCriteriaId": "8693CC24-CEF6-4479-A3DA-8FD5C73E9548", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_98:*:*:*:*:*:*", "matchCriteriaId": "B1A95A94-83C6-4DCC-8208-B76B53678B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.0:fix_pack_99:*:*:*:*:*:*", "matchCriteriaId": "A1831C4F-7887-489E-91C1-3997114917DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*", "matchCriteriaId": "27DF695E-B890-42C2-8941-5BB53154755F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "072F6C59-3D86-48D1-A14E-477FFFA3B1D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*", "matchCriteriaId": "FE68B4A2-3459-4DBA-8BAC-E9AA9FA25264", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*", "matchCriteriaId": "680D7963-1393-4E86-A65F-D4463D532120", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*", "matchCriteriaId": "D81E73DD-FD21-4082-A883-34422AE6C024", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*", "matchCriteriaId": "E6DD0451-98EA-4140-8294-77A14F063E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*", "matchCriteriaId": "CE94E76B-8CC2-4E91-B7A3-EEBCC1358FF4", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*", "matchCriteriaId": "408BD438-E15C-422F-9612-C62A7387FC63", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*", "matchCriteriaId": "A78C8B1C-39CB-4C27-B57C-0AF5E7EB50D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*", "matchCriteriaId": "0AB19E97-BACE-4FCC-A53F-078D61A7A9E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*", "matchCriteriaId": "D18ACD28-9182-435C-A30F-DF3BFE13C39A", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*", "matchCriteriaId": "CFE4CC72-C15A-40DE-AFF4-0B6B79BFB2BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "386F0E26-78DC-4D59-A20F-B41D0E59561B", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*", "matchCriteriaId": "43C11288-1C48-47A0-95DF-A48F3C0285F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*", "matchCriteriaId": "5ECF3B18-D0DB-4FB6-9F6F-B63A6CE45081", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*", "matchCriteriaId": "79AC7C0B-4135-4C24-8D37-A9431156E3E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*", "matchCriteriaId": "7289F71D-ECEB-4FB9-A53F-D3F4D1315ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_24:*:*:*:*:*:*", "matchCriteriaId": "C18AE68F-6EF0-4132-A3D8-C2D77A842137", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_25:*:*:*:*:*:*", "matchCriteriaId": "4C5F0729-7B44-4B9E-949F-6A66D8176E11", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_26:*:*:*:*:*:*", "matchCriteriaId": "B883C27E-3C14-4686-A0E8-8969B4246CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "54576481-2AE9-4133-9EFA-B7FBDCA4427D", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "E29CE810-76D5-4283-B102-70344B6C9506", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "DA869467-C560-4130-A180-86819F6A8673", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "CC0C94B7-31FB-4115-8EDE-62CC459B6663", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "07DEAA71-53DA-4508-B7E6-924ABED49E66", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "467323F6-5CA7-42A0-9810-C6FA694CEC93", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "32EFFD8A-1C0D-446B-AAD7-5D23D483D3D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.1:sp1:*:*:*:*:*:*", "matchCriteriaId": "58CE2C64-BC5F-4281-AD98-B2C4B24A949C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*", "matchCriteriaId": "0DCF7F39-A198-4F7E-84B7-90C88C1BAA96", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "E7E68DF8-749B-4284-A7C9-929701A86B36", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*", "matchCriteriaId": "340DF1FE-5720-4516-BA51-F2197A654409", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*", "matchCriteriaId": "97E155DE-05C6-4559-94A8-0EFEB958D0C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*", "matchCriteriaId": "0635FB5F-9C90-49C7-A9EF-00C0396FCCAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*", "matchCriteriaId": "77523B76-FC26-41B1-A804-7372E13F4FB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*", "matchCriteriaId": "B15397B8-5087-4239-AE78-D3C37D59DE83", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*", "matchCriteriaId": "311EE92A-0EEF-4556-A52F-E6C9522FA2DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*", "matchCriteriaId": "49501C9E-D12A-45E0-92F3-8FD5FDC6D3CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "7CECAA19-8B7F-44C8-8059-6D4F2105E196", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*", "matchCriteriaId": "68CBCEEB-7C28-4769-813F-3F01E33D2E08", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*", "matchCriteriaId": "C0CB4927-A361-4DFA-BDB8-A454EA2894AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*", "matchCriteriaId": "B2B771B7-D5CB-4778-A3A8-1005E4EE134C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*", "matchCriteriaId": "3B9DB383-3791-4A43-BA4D-7695B203E736", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*", "matchCriteriaId": "13F02D77-20E9-4F32-9752-511EB71E6704", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*", "matchCriteriaId": "6353CC8F-A6D4-4A0C-8D68-290CD8DEB4F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*", "matchCriteriaId": "759DDB90-6A89-4E4F-BD04-F70EFA5343B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*", "matchCriteriaId": "6F6A98ED-E694-4F39-95D0-C152BD1EC115", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*", "matchCriteriaId": "2CD6861A-D546-462F-8B22-FA76A4AF8A9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*", "matchCriteriaId": "324BB977-5AAC-4367-98FC-605FF4997B3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*", "matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E", "vulnerable": true}, {"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "C9B36899-E84E-498B-B99B-B6EB8F7ECE5C", "versionEndExcluding": "7.4.3.5", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential."}, {"lang": "es", "value": "La funcionalidad Probar usuarios de LDAP en Liferay Portal 7.0.0 a 7.4.3.4, y Liferay DXP 7.0 fixpack 102 y anteriores, 7.1 antes del fixpack 27, 7.2 antes del fixpack 17, 7.3 antes de la actualizaci\u00f3n 4 y DXP 7.4 GA incluye LDAP credencial en la URL de la p\u00e1gina al paginar a trav\u00e9s de la lista de usuarios, lo que permite a los atacantes intermediarios o a los atacantes con acceso a los registros de solicitudes ver la credencial LDAP."}], "id": "CVE-2022-42132", "lastModified": "2025-04-30T15:15:56.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-11-15T02:15:12.240", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://liferay.com"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://issues.liferay.com/browse/LPE-17438"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://liferay.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://issues.liferay.com/browse/LPE-17438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42132"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}