6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-45320

CVE-2022-45320: Privilege escalation in Liferay Portal

Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2022-45320

CVE-2022-45320:

6.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	< 7.4.3.16	7.4.3.16

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability allows authenticated users to become wiki page owners through editing. This suggests flaws in: 1) The page update logic that handles ownership metadata (WikiPageLocalServiceImpl) and 2) The edit action controller that processes user input. Liferay's typical MVC architecture separates service layer (business logic) from web controllers (input handling), making these components likely candidates. The high confidence comes from the vulnerability pattern matching common authorization flaws in CRUD operations where ownership fields are mutable without proper checks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2022-45320: Privilege escalation in Liferay Portal

CVE-2022-45320:

6.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

6.3

6.3

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2022-45320: Privilege escalation in Liferay Portal

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI