CVE-2023-5190

Summary

CVE-2023-5190 is an open redirect vulnerability that affects Liferay Portal versions 7.4.3.45 through 7.4.3.101, as well as Liferay DXP 2023.Q3 before patch 6 and 7.4 update 45 through 92. This vulnerability allows remote attackers to redirect users to arbitrary external URLs by exploiting the "_com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect" parameter on the edit region page of Countries Management. The risk score for this vulnerability is rated at 25 out of 100, with a base severity of MEDIUM and a base score of 6.1 according to the CVE analysis report provided by [email protected]. The exploitability score is rated at 2.8 out of 10, requiring user interaction and having a low impact on integrity and confidentiality. It is essential for organizations using the affected versions to apply patches or updates provided by Liferay to remediate this vulnerability and prevent potential malicious redirections that could compromise user security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.