Description
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
Remediation
References
http://liferay.com
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/cve-2022-42129
https://issues.liferay.com/browse/LPE-17448
Related Vulnerabilities
CVE-2019-0219 Vulnerability in npm package cordova-plugin-inappbrowser
CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service
CVE-2018-8010 Vulnerability in maven package org.apache.solr:solr-core
CVE-2022-25883 Vulnerability in maven package org.webjars.npm:semver
CVE-2015-5325 Vulnerability in maven package org.jenkins-ci.main:jenkins-core