Maven package
com.liferay.commerce/com.liferay.commerce.order.content.web
pkg:maven/com.liferay.commerce/com.liferay.commerce.order.content.web
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62241 | — | < 4.0.114 | 4.0.114 | Oct 13, 2025 | Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _com_liferay_commerce_order |
- CVE-2025-62241Oct 13, 2025affected < 4.0.114fixed 4.0.114
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _com_liferay_commerce_order