Home > Vulnerability Database > CVE-2021-29050

Mend.io Vulnerability Database

CVE-2021-29050

Good to know:

Date: February 19, 2024

Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page.

Language: Java

Severity Score

8.8

Related Resources (7)

Url: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2021-29050

Url: https://github.com/liferay/liferay-portal

Url: https://github.com/liferay/liferay-portal/commit/1295dcd8173ac820e501d0e9b3bf1da97ea8b7d4

Url: https://github.com/liferay/liferay-portal/commit/f2723cb2e8dacfbd140ff5f255bb7d21a11c476d

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-29050

Url: https://liferay.atlassian.net/browse/LPE-17207

Url: https://www.mend.io/vulnerability-database/CVE-2021-29050

Severity Score

8.8

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version com.liferay.portal:com.liferay.portal.impl:5.25.0

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2021-29050

Good to know:

Date: February 19, 2024

Language: Java

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?