nvd-json-data-feeds/CVE-2023/CVE-2023-443xx/CVE-2023-44308.json

{
  "id": "CVE-2023-44308",
  "sourceIdentifier": "security@liferay.com",
  "published": "2024-02-20T07:15:08.033",
  "lastModified": "2024-02-20T19:50:53.960",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redireccionamiento abierto en la p\u00e1gina de administraci\u00f3n de medios adaptables en Liferay DXP 2023.Q3 antes del parche 6 y 7.4 GA hasta la actualizaci\u00f3n 92 permite a atacantes remotos redirigir a los usuarios a URL externas arbitrarias a trav\u00e9s del par\u00e1metro _com_liferay_adaptive_media_web_portlet_AMPortlet_redirect."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@liferay.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@liferay.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44308",
      "source": "security@liferay.com"
    }
  ]
}