6.1

CVE-2023-5190

EPSS 0.32%
Published 20.02.2024 06:15:07
Last modified 28.01.2025 21:34:19
Source security@liferay.com
Teams watchlist Login
Open Login

Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate63

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate64

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate65

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate66

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate67

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate68

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate69

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate70

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate71

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate72

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate73

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate74

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate75

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate76

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate77

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate78

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate79

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate80

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate81

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate82

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate83

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate84

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate85

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate86

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate87

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate88

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate89

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate90

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate91

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate92

Liferay ≫ Digital Experience Platform Version2023.q3.0

Liferay ≫ Digital Experience Platform Version2023.q3.1

Liferay ≫ Digital Experience Platform Version2023.q3.2

Liferay ≫ Digital Experience Platform Version2023.q3.3

Liferay ≫ Digital Experience Platform Version2023.q3.4

Liferay ≫ Digital Experience Platform Version2023.q3.5

Liferay ≫ Liferay Portal Version >= 7.4.3.45 < 7.4.3.102

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.32%	0.547

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security@liferay.com	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5190

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5190

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5190

EUVD