PT-2024-10916 · Liferay · Liferay Portal+1

Published: 2024-02-20 · Updated: 2024-08-01 · CVE-2021-29050

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions prior to 7.3.6
Liferay DXP 7.3 before service pack 1
Liferay DXP 7.2 before fix pack 11

Description

A Cross-Site Request Forgery (CSRF) issue exists in the terms of use page, allowing remote attackers to accept the site's terms of use via social engineering by enticing the user to visit a malicious page.

Recommendations

For Liferay Portal versions prior to 7.3.6, update to version 7.3.6 or later.
For Liferay DXP 7.3 before service pack 1, apply service pack 1 or later.
For Liferay DXP 7.2 before fix pack 11, apply fix pack 11 or later.
As a temporary workaround, consider restricting access to the terms of use page until a patch is available.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-29050
GHSA-MH9R-9PCX-RX55

Affected Products

Liferay DXP
Liferay Portal