CVE-2008-0182

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 47.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Liferay Liferay Enterprise Portal

Timeline

PublishedFeb 5

Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4.4.0 allows remote authenticated users to perform unspecified actions as unspecified other authenticated users via the Shutdown message.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDliferay/liferay_enterprise_portal4.3.6

🔴Vulnerability Details

GHSA

GHSA-fxrw-q665-w573: Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4↗2022-05-01

▶

CVEList

CVE-2008-0182: Cross-site request forgery (CSRF) vulnerability in the Admin portlet in Liferay Portal before 4↗2008-02-04

▶