CVSS 3.1 Score 6.1 of 10 (medium)


Published Feb 20, 2024
CWE ID 601


CVE-2023-5190 is an open redirect vulnerability that affects Liferay Portal versions through, as well as Liferay DXP 2023.Q3 before patch 6 and 7.4 update 45 through 92. This vulnerability allows remote attackers to redirect users to arbitrary external URLs by exploiting the "_com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect" parameter on the edit region page of Countries Management. The risk score for this vulnerability is rated at 25 out of 100, with a base severity of MEDIUM and a base score of 6.1 according to the CVE analysis report provided by [email protected]. The exploitability score is rated at 2.8 out of 10, requiring user interaction and having a low impact on integrity and confidentiality. It is essential for organizations using the affected versions to apply patches or updates provided by Liferay to remediate this vulnerability and prevent potential malicious redirections that could compromise user security.

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-5190 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options