Cross-Site Request Forgery Vulnerability in Liferay Portal by Liferay
CVE-2008-0563

Currently unrated

Key Information:

Vendor: Liferay
Status: Liferay Enterprise Portal
Vendor: CVE Published:; 5 February 2008

What is CVE-2008-0563?

A Cross-Site Request Forgery vulnerability exists in the UserLocalServiceImpl.java of Liferay Portal 4.3.6. This flaw enables remote attackers to execute unauthorized actions by leveraging the User-Agent HTTP header. As a result, a malicious actor could potentially exploit this weakness to manipulate authenticated users, leading to unintended modifications or data exposure when the user interacts with the platform.

References

http://support.liferay.com/browse/LEP-4737

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 5, 2008