CNNVD-202510-1658 Information
CNNVD ID
CNNVD-202510-1658
Related CVE
- CNNVD Published: 2025-10-13
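Description (translated from Chinese)
Liferay DXP is a digital experience collaboration platform from Liferay, a US company. Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 contain a security vulnerability. It stems from an insecure direct object reference in the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter, which may allow remote authenticated users to view shipping addresses belonging to a different virtual instance.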
Description (English)
Liferay DXP is a digital experience collaboration platform from the American company Liferay. Liferay DXP versions 2023.Q4.1 through 2023.Q4.5 contain a security vulnerability caused by an insecure direct object reference (IDOR) in the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter, which may allow remote authenticated users to view the shipping addresses of a different virtual instance.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Liferay
Published
2025-10-13
Last Modified
2026-02-24
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62241
https://access.redhat.com/security/cve/cve-2025-62241
Patch
https://www.liferay.com/zh/downloads-community