CVE-2023-35029

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
LiferayCNA
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
liferaydxp
7.4:update_70
liferaydxp
7.4:update_71
liferaydxp
7.4:update_72
liferaydxp
7.4:update_73
liferaydxp
7.4:update_74
liferaydxp
7.4:update_75
liferaydxp
7.4:update_76
liferayliferay_portal
7.4.3.70 ≤
𝑥
< 7.4.3.77
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35029
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-35029