8.8
CVE-2024-26273
- EPSS 0.12%
- Published 22.10.2024 15:15:05
- Last modified 10.12.2024 21:07:07
- Source security@liferay.com
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.
Data is provided by the National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version >= 2023.q3.1 < 2023.q3.6
Liferay ≫ Digital Experience Platform Version >= 2023.q4.0 < 2023.q4.3
Liferay ≫ Digital Experience Platform Version 7.3 Update update29
Liferay ≫ Digital Experience Platform Version 7.3 Update update30
Liferay ≫ Digital Experience Platform Version 7.3 Update update31
Liferay ≫ Digital Experience Platform Version 7.3 Update update32
Liferay ≫ Digital Experience Platform Version 7.3 Update update33
Liferay ≫ Digital Experience Platform Version 7.3 Update update34
Liferay ≫ Digital Experience Platform Version 7.3 Update update35
Liferay ≫ Digital Experience Platform Version 7.4 Update -
Liferay ≫ Digital Experience Platform Version 7.4 Update update1
Liferay ≫ Digital Experience Platform Version 7.4 Update update10
Liferay ≫ Digital Experience Platform Version 7.4 Update update11
Liferay ≫ Digital Experience Platform Version 7.4 Update update12
Liferay ≫ Digital Experience Platform Version 7.4 Update update13
Liferay ≫ Digital Experience Platform Version 7.4 Update update14
Liferay ≫ Digital Experience Platform Version 7.4 Update update15
Liferay ≫ Digital Experience Platform Version 7.4 Update update16
Liferay ≫ Digital Experience Platform Version 7.4 Update update17
Liferay ≫ Digital Experience Platform Version 7.4 Update update18
Liferay ≫ Digital Experience Platform Version 7.4 Update update19
Liferay ≫ Digital Experience Platform Version 7.4 Update update2
Liferay ≫ Digital Experience Platform Version 7.4 Update update20
Liferay ≫ Digital Experience Platform Version 7.4 Update update21
Liferay ≫ Digital Experience Platform Version 7.4 Update update22
Liferay ≫ Digital Experience Platform Version 7.4 Update update23
Liferay ≫ Digital Experience Platform Version 7.4 Update update24
Liferay ≫ Digital Experience Platform Version 7.4 Update update25
Liferay ≫ Digital Experience Platform Version 7.4 Update update26
Liferay ≫ Digital Experience Platform Version 7.4 Update update27
Liferay ≫ Digital Experience Platform Version 7.4 Update update28
Liferay ≫ Digital Experience Platform Version 7.4 Update update29
Liferay ≫ Digital Experience Platform Version 7.4 Update update3
Liferay ≫ Digital Experience Platform Version 7.4 Update update30
Liferay ≫ Digital Experience Platform Version 7.4 Update update31
Liferay ≫ Digital Experience Platform Version 7.4 Update update32
Liferay ≫ Digital Experience Platform Version 7.4 Update update33
Liferay ≫ Digital Experience Platform Version 7.4 Update update34
Liferay ≫ Digital Experience Platform Version 7.4 Update update35
Liferay ≫ Digital Experience Platform Version 7.4 Update update36
Liferay ≫ Digital Experience Platform Version 7.4 Update update37
Liferay ≫ Digital Experience Platform Version 7.4 Update update38
Liferay ≫ Digital Experience Platform Version 7.4 Update update39
Liferay ≫ Digital Experience Platform Version 7.4 Update update4
Liferay ≫ Digital Experience Platform Version 7.4 Update update40
Liferay ≫ Digital Experience Platform Version 7.4 Update update41
Liferay ≫ Digital Experience Platform Version 7.4 Update update42
Liferay ≫ Digital Experience Platform Version 7.4 Update update43
Liferay ≫ Digital Experience Platform Version 7.4 Update update44
Liferay ≫ Digital Experience Platform Version 7.4 Update update45
Liferay ≫ Digital Experience Platform Version 7.4 Update update46
Liferay ≫ Digital Experience Platform Version 7.4 Update update47
Liferay ≫ Digital Experience Platform Version 7.4 Update update48
Liferay ≫ Digital Experience Platform Version 7.4 Update update49
Liferay ≫ Digital Experience Platform Version 7.4 Update update5
Liferay ≫ Digital Experience Platform Version 7.4 Update update50
Liferay ≫ Digital Experience Platform Version 7.4 Update update51
Liferay ≫ Digital Experience Platform Version 7.4 Update update52
Liferay ≫ Digital Experience Platform Version 7.4 Update update53
Liferay ≫ Digital Experience Platform Version 7.4 Update update54
Liferay ≫ Digital Experience Platform Version 7.4 Update update55
Liferay ≫ Digital Experience Platform Version 7.4 Update update56
Liferay ≫ Digital Experience Platform Version 7.4 Update update57
Liferay ≫ Digital Experience Platform Version 7.4 Update update58
Liferay ≫ Digital Experience Platform Version 7.4 Update update59
Liferay ≫ Digital Experience Platform Version 7.4 Update update6
Liferay ≫ Digital Experience Platform Version 7.4 Update update60
Liferay ≫ Digital Experience Platform Version 7.4 Update update61
Liferay ≫ Digital Experience Platform Version 7.4 Update update62
Liferay ≫ Digital Experience Platform Version 7.4 Update update63
Liferay ≫ Digital Experience Platform Version 7.4 Update update64
Liferay ≫ Digital Experience Platform Version 7.4 Update update65
Liferay ≫ Digital Experience Platform Version 7.4 Update update66
Liferay ≫ Digital Experience Platform Version 7.4 Update update67
Liferay ≫ Digital Experience Platform Version 7.4 Update update68
Liferay ≫ Digital Experience Platform Version 7.4 Update update69
Liferay ≫ Digital Experience Platform Version 7.4 Update update7
Liferay ≫ Digital Experience Platform Version 7.4 Update update70
Liferay ≫ Digital Experience Platform Version 7.4 Update update71
Liferay ≫ Digital Experience Platform Version 7.4 Update update72
Liferay ≫ Digital Experience Platform Version 7.4 Update update73
Liferay ≫ Digital Experience Platform Version 7.4 Update update74
Liferay ≫ Digital Experience Platform Version 7.4 Update update75
Liferay ≫ Digital Experience Platform Version 7.4 Update update76
Liferay ≫ Digital Experience Platform Version 7.4 Update update77
Liferay ≫ Digital Experience Platform Version 7.4 Update update78
Liferay ≫ Digital Experience Platform Version 7.4 Update update79
Liferay ≫ Digital Experience Platform Version 7.4 Update update8
Liferay ≫ Digital Experience Platform Version 7.4 Update update80
Liferay ≫ Digital Experience Platform Version 7.4 Update update81
Liferay ≫ Digital Experience Platform Version 7.4 Update update82
Liferay ≫ Digital Experience Platform Version 7.4 Update update83
Liferay ≫ Digital Experience Platform Version 7.4 Update update84
Liferay ≫ Digital Experience Platform Version 7.4 Update update85
Liferay ≫ Digital Experience Platform Version 7.4 Update update86
Liferay ≫ Digital Experience Platform Version 7.4 Update update87
Liferay ≫ Digital Experience Platform Version 7.4 Update update88
Liferay ≫ Digital Experience Platform Version 7.4 Update update89
Liferay ≫ Digital Experience Platform Version 7.4 Update update9
Liferay ≫ Digital Experience Platform Version 7.4 Update update90
Liferay ≫ Digital Experience Platform Version 7.4 Update update91
Liferay ≫ Digital Experience Platform Version 7.4 Update update92
Liferay ≫ Liferay Portal Version >= 7.4.0 < 7.4.3.104
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.321 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
security@liferay.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.