Home > Vulnerability Database > CVE-2021-29050

Mend.io Vulnerability Database

CVE-2021-29050

Good to know:

Date: February 20, 2024

Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page.

Language: Java

Severity Score

4.3

Related Resources (3)

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29050

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29050

Url: https://www.mend.io/vulnerability-database/CVE-2021-29050

Severity Score

4.3

Top Fix

Upgrade Version

Upgrade to version com.liferay.portal:com.liferay.portal.kernel:7.0.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29050

Good to know:

Date: February 20, 2024

Language: Java

Severity Score

Related Resources (3)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?