Cross-site request forgery in Liferay Enterprise Portal - #VU13060
Published: May 30, 2018
Vulnerability identifier: #VU13060
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Liferay
Affected software:
Liferay Enterprise Portal
Liferay Enterprise Portal
Detailed vulnerability description
The vulnerability allows a remote attacker to perform CSRF attack.
The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and execute unwanted actions in the portal.
The weakness exists due to insufficient CSRF protections. A remote attacker can create a specially crafted HTML page or URL, trick the victim into visiting it, gain access to the system and execute unwanted actions in the portal.
Remediation
Update to version 7.0 CE GA7 (7.0.6) or later.