CVE-2020-24554Open Redirect in Portal

CWE-601Open Redirect4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Liferay Portal
Timeline
PublishedSep 1
Latest updateMay 7

Description

The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
OSV
Open Redirect in Liferay Portal2021-05-07
GHSA
Open Redirect in Liferay Portal2021-05-07
CVEList
CVE-2020-24554: The redirect module in Liferay Portal before 72020-09-01
CVE-2020-24554 — Open Redirect in Liferay Portal | cvebase