PT-2024-14323 · Liferay · Liferay Portal, Liferay DXP

Amin Achour · Published 2024-02-19 · Updated 2024-02-20

CVE-2023-5190 · CVSS v3.1 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Liferay Portal 7.4.3.45 through 7.4.3.101
Liferay DXP 2023.Q3 before patch 6
Liferay DXP 7.4 update 45 through update 92
Description
The issue is an open redirect vulnerability in the Countries Management's edit region page. A remote attacker who needs no account on the portal can craft a link which, when a user follows it, sends that user to an arbitrary external URL through the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter. Liferay namespaces portlet request parameters as _<portlet ID>_<parameter name>, so this is the portlet's own redirect parameter, and the portal accepts an off-site value for it without checking the target. The CVSS vector matches that picture: no privileges required, user interaction required (the victim must click), and a changed scope because the impact lands on the site the victim is sent to, typically a phishing or credential-capture page that appears to have been reached from the trusted portal.
Recommendations
Liferay Portal 7.4.3.45 through 7.4.3.101: upgrade to 7.4.3.102 or later.
Liferay DXP 2023.Q3: apply patch 6 or later.
Liferay DXP 7.4 update 45 through update 92: upgrade to update 93 or later, or apply the corresponding patch.
Until the update can be applied, a temporary mitigation is to reject, at a reverse proxy or web application firewall in front of the portal, any request whose _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect value is not a relative path on the portal or an absolute URL on the portal's own host. A check that only looks for "http" at the start of the value is not enough: protocol-relative targets (//attacker.example), scheme-less host forms (https:attacker.example), backslash variants (/\attacker.example) and percent-encoded forms of these must also be rejected. Reviewing access logs for this parameter with an off-site value shows whether the vulnerability has been used against users before the patch was applied.
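The following Python is an added example and is not Liferay's code nor the vendor's fix. It shows the two pieces a practitioner would want for the description and the workaround above: a same-origin check for a redirect target that handles the evasions an open-redirect filter commonly misses, and a scan of access-log lines for off-site values of the parameter named in this advisory. The portal host name portal.example.com, the request path, the p_p_id value and the log lines are assumptions constructed for the example; only the parameter name comes from the advisory.

```python
"""Added example for CVE-2023-5190 (not Liferay's code, not the vendor's fix):
a same-origin check for a redirect parameter and a scan of access-log lines
for off-site values of the namespaced parameter the advisory names.
The portal host, request path and log lines are assumptions."""
from urllib.parse import parse_qs, unquote, urlsplit

# Parameter named in the advisory. Liferay namespaces portlet request
# parameters as _<portlet ID>_<name>; this is the portlet's "redirect" value.
REDIRECT_PARAM = ("_com_liferay_address_web_internal_portlet_"
                  "CountriesManagementAdminPortlet_redirect")

# Assumed host name of the portal being protected.
PORTAL_HOSTS = ("portal.example.com",)


def is_local_redirect(value, allowed_hosts=PORTAL_HOSTS):
    """True only if a redirect target stays on the portal.

    Accepts a path beginning with a single '/' or an http(s) URL whose host
    is in allowed_hosts. Rejects protocol-relative targets ('//evil'),
    backslash and control-character variants, scheme-less host forms
    ('https:evil'), userinfo tricks ('https://portal@evil') and any scheme
    other than http or https.
    """
    # Decode once more so a percent-encoded '//' or '\' cannot slip past.
    target = unquote(value).strip()
    if not target or "\\" in target or any(ord(c) < 0x20 for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme:
        if parts.scheme not in ("http", "https"):
            return False
        # urlsplit lowercases the host and strips userinfo and port.
        return (parts.hostname or "") in allowed_hosts
    if parts.netloc or target.startswith("//"):
        return False  # protocol-relative: the browser picks the host
    return target.startswith("/")


def external_redirect_requests(log_lines, allowed_hosts=PORTAL_HOSTS):
    """Return (client_ip, decoded_target) for each request in the given
    combined-format access-log lines whose redirect parameter is off-site."""
    hits = []
    for line in log_lines:
        fields = line.split('"')
        if len(fields) < 3:
            continue  # not a combined-format line
        client_ip = line.split(" ", 1)[0]
        request_parts = fields[1].split(" ")  # 'GET /path?query HTTP/1.1'
        if len(request_parts) < 2:
            continue
        query = urlsplit(request_parts[1]).query
        for target in parse_qs(query).get(REDIRECT_PARAM, []):
            if not is_local_redirect(target, allowed_hosts):
                hits.append((client_ip, target))
    return hits


# Constructed access-log lines (not real traffic). Request path and p_p_id
# are illustrative; only the parameter name is taken from the advisory.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Feb/2024:10:01:02 +0000] "GET /group/control_panel/manage?'
    'p_p_id=com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet&'
    + REDIRECT_PARAM + '=%2Fgroup%2Fcontrol_panel%2Fmanage HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Feb/2024:10:02:14 +0000] "GET /group/control_panel/manage?'
    + REDIRECT_PARAM + '=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [19/Feb/2024:10:02:30 +0000] "GET /group/control_panel/manage?'
    + REDIRECT_PARAM + '=%2F%2Fattacker.example HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for ip, target in external_redirect_requests(SAMPLE_LOG):
        print(f"{ip} requested an off-site redirect to {target}")
```

The check deliberately parses the value instead of matching a prefix: a prefix test on "/" accepts "//attacker.example", and a test on the literal string "http" accepts "https://portal.example.com@attacker.example/". Running the scan over the constructed lines reports the second and third requests, both from 198.51.100.7, and passes the first, whose target is a path on the portal.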

Weakness Enumeration

Open Redirect (CWE-601)

Related Identifiers

CVE-2023-5190
GHSA-F3RF-CR7F-CWC4

Affected Products

Liferay DXP
Liferay Portal