Lucene search

K
cve[email protected]CVE-2023-5190
HistoryFeb 20, 2024 - 6:15 a.m.

CVE-2023-5190

2024-02-2006:15:07
CWE-601
web.nvd.nist.gov
36
open redirect
vulnerability
liferay portal
security
remote attack

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.101",
        "status": "affected",
        "version": "7.4.3.45",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "2023.q3.5",
        "status": "affected",
        "version": "2023.q3.1",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.4.13.u92",
        "status": "affected",
        "version": "7.4.13.u45",
        "versionType": "maven"
      }
    ]
  }
]

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

Related for CVE-2023-5190