What is the severity of CVE-2024-26273?

The severity of CVE-2024-26273 is considered moderate due to the potential for cross-site request forgery (CSRF) attacks.

How do I fix CVE-2024-26273?

To fix CVE-2024-26273, upgrade to the latest version of Liferay Portal or Liferay DXP that addresses the CSRF vulnerability.

What products are affected by CVE-2024-26273?

CVE-2024-26273 affects Liferay Portal versions 7.4.0 through 7.4.3.103 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 among others.

Can CVE-2024-26273 be exploited remotely?

Yes, CVE-2024-26273 can be exploited by remote attackers without authentication.

What is the impact of CVE-2024-26273?

The impact of CVE-2024-26273 includes unauthorized actions being taken on behalf of authenticated users.

Vulnerability/
CVE-2024-26273

high

8.8

CWE

352

22/10/2024

28/4/2025

CVE-2024-26273: CSRF

First published: Tue Oct 22 2024(Updated: )

Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.

Credit: security@liferay.com

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	>=2023.q3.1<2023.q3.6
Liferay 7.4 GA	>=2023.q4.0<2023.q4.3
Liferay 7.4 GA	=7.3-update29
Liferay 7.4 GA	=7.3-update30
Liferay 7.4 GA	=7.3-update31
Liferay 7.4 GA	=7.3-update32
Liferay 7.4 GA	=7.3-update33
Liferay 7.4 GA	=7.3-update34
Liferay 7.4 GA	=7.3-update35
Liferay 7.4 GA	=7.4
Liferay 7.4 GA	=7.4-update1
Liferay 7.4 GA	=7.4-update10
Liferay 7.4 GA	=7.4-update11
Liferay 7.4 GA	=7.4-update12
Liferay 7.4 GA	=7.4-update13
Liferay 7.4 GA	=7.4-update14
Liferay 7.4 GA	=7.4-update15
Liferay 7.4 GA	=7.4-update16
Liferay 7.4 GA	=7.4-update17
Liferay 7.4 GA	=7.4-update18
Liferay 7.4 GA	=7.4-update19
Liferay 7.4 GA	=7.4-update2
Liferay 7.4 GA	=7.4-update20
Liferay 7.4 GA	=7.4-update21
Liferay 7.4 GA	=7.4-update22
Liferay 7.4 GA	=7.4-update23
Liferay 7.4 GA	=7.4-update24
Liferay 7.4 GA	=7.4-update25
Liferay 7.4 GA	=7.4-update26
Liferay 7.4 GA	=7.4-update27
Liferay 7.4 GA	=7.4-update28
Liferay 7.4 GA	=7.4-update29
Liferay 7.4 GA	=7.4-update3
Liferay 7.4 GA	=7.4-update30
Liferay 7.4 GA	=7.4-update31
Liferay 7.4 GA	=7.4-update32
Liferay 7.4 GA	=7.4-update33
Liferay 7.4 GA	=7.4-update34
Liferay 7.4 GA	=7.4-update35
Liferay 7.4 GA	=7.4-update36
Liferay 7.4 GA	=7.4-update37
Liferay 7.4 GA	=7.4-update38
Liferay 7.4 GA	=7.4-update39
Liferay 7.4 GA	=7.4-update4
Liferay 7.4 GA	=7.4-update40
Liferay 7.4 GA	=7.4-update41
Liferay 7.4 GA	=7.4-update42
Liferay 7.4 GA	=7.4-update43
Liferay 7.4 GA	=7.4-update44
Liferay 7.4 GA	=7.4-update45
Liferay 7.4 GA	=7.4-update46
Liferay 7.4 GA	=7.4-update47
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update49
Liferay 7.4 GA	=7.4-update5
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update51
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update53
Liferay 7.4 GA	=7.4-update54
Liferay 7.4 GA	=7.4-update55
Liferay 7.4 GA	=7.4-update56
Liferay 7.4 GA	=7.4-update57
Liferay 7.4 GA	=7.4-update58
Liferay 7.4 GA	=7.4-update59
Liferay 7.4 GA	=7.4-update6
Liferay 7.4 GA	=7.4-update60
Liferay 7.4 GA	=7.4-update61
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update63
Liferay 7.4 GA	=7.4-update64
Liferay 7.4 GA	=7.4-update65
Liferay 7.4 GA	=7.4-update66
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update68
Liferay 7.4 GA	=7.4-update69
Liferay 7.4 GA	=7.4-update7
Liferay 7.4 GA	=7.4-update70
Liferay 7.4 GA	=7.4-update71
Liferay 7.4 GA	=7.4-update72
Liferay 7.4 GA	=7.4-update73
Liferay 7.4 GA	=7.4-update74
Liferay 7.4 GA	=7.4-update75
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update77
Liferay 7.4 GA	=7.4-update78
Liferay 7.4 GA	=7.4-update79
Liferay 7.4 GA	=7.4-update8
Liferay 7.4 GA	=7.4-update80
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	=7.4-update86
Liferay 7.4 GA	=7.4-update87
Liferay 7.4 GA	=7.4-update88
Liferay 7.4 GA	=7.4-update89
Liferay 7.4 GA	=7.4-update9
Liferay 7.4 GA	=7.4-update90
Liferay 7.4 GA	=7.4-update91
Liferay 7.4 GA	=7.4-update92
Liferay 7.4 GA	>=7.4.0<7.4.3.104
maven/com.liferay.portal:release.dxp.bom	>=7.3u29<7.3u36	7.3u36
maven/com.liferay.portal:release.dxp.bom	>=7.4.GA<=7.4u92	7.4u93
maven/com.liferay.portal:release.dxp.bom	>=2023.Q3.1<2023.Q3.6	2023.Q3.6
maven/com.liferay.portal:release.dxp.bom	>=2023.Q4.0<2023.Q4.3	2023.Q4.3
maven/com.liferay.portal:release.portal.bom	>=7.4.0<7.4.3.104	7.4.3.104
	>=2023.q3.1<2023.q3.6
	>=2023.q4.0<2023.q4.3
	=7.3-update29
	=7.3-update30
	=7.3-update31
	=7.3-update32
	=7.3-update33
	=7.3-update34
	=7.3-update35
	=7.4
	=7.4-update1
	=7.4-update10
	=7.4-update11
	=7.4-update12
	=7.4-update13
	=7.4-update14
	=7.4-update15
	=7.4-update16
	=7.4-update17
	=7.4-update18
	=7.4-update19
	=7.4-update2
	=7.4-update20
	=7.4-update21
	=7.4-update22
	=7.4-update23
	=7.4-update24
	=7.4-update25
	=7.4-update26
	=7.4-update27
	=7.4-update28
	=7.4-update29
	=7.4-update3
	=7.4-update30
	=7.4-update31
	=7.4-update32
	=7.4-update33
	=7.4-update34
	=7.4-update35
	=7.4-update36
	=7.4-update37
	=7.4-update38
	=7.4-update39
	=7.4-update4
	=7.4-update40
	=7.4-update41
	=7.4-update42
	=7.4-update43
	=7.4-update44
	=7.4-update45
	=7.4-update46
	=7.4-update47
	=7.4-update48
	=7.4-update49
	=7.4-update5
	=7.4-update50
	=7.4-update51
	=7.4-update52
	=7.4-update53
	=7.4-update54
	=7.4-update55
	=7.4-update56
	=7.4-update57
	=7.4-update58
	=7.4-update59
	=7.4-update6
	=7.4-update60
	=7.4-update61
	=7.4-update62
	=7.4-update63
	=7.4-update64
	=7.4-update65
	=7.4-update66
	=7.4-update67
	=7.4-update68
	=7.4-update69
	=7.4-update7
	=7.4-update70
	=7.4-update71
	=7.4-update72
	=7.4-update73
	=7.4-update74
	=7.4-update75
	=7.4-update76
	=7.4-update77
	=7.4-update78
	=7.4-update79
	=7.4-update8
	=7.4-update80
	=7.4-update81
	=7.4-update82
	=7.4-update83
	=7.4-update84
	=7.4-update85
	=7.4-update86
	=7.4-update87
	=7.4-update88
	=7.4-update89
	=7.4-update9
	=7.4-update90
	=7.4-update91
	=7.4-update92
	>=7.4.0<7.4.3.104

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-26273?
The severity of CVE-2024-26273 is considered moderate due to the potential for cross-site request forgery (CSRF) attacks.
How do I fix CVE-2024-26273?
To fix CVE-2024-26273, upgrade to the latest version of Liferay Portal or Liferay DXP that addresses the CSRF vulnerability.
What products are affected by CVE-2024-26273?
CVE-2024-26273 affects Liferay Portal versions 7.4.0 through 7.4.3.103 and Liferay DXP versions 2023.Q4.0 through 2023.Q4.2 among others.
Can CVE-2024-26273 be exploited remotely?
Yes, CVE-2024-26273 can be exploited by remote attackers without authentication.
What is the impact of CVE-2024-26273?
The impact of CVE-2024-26273 includes unauthorized actions being taken on behalf of authenticated users.

agent/weakness
agent/first-publish-date
agent/type
agent/author
agent/severity
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/github-advisory-latest
source/GitHub
alias/GHSA-hmrx-6pr5-hpwj
alias/CVE-2024-26273
agent/source
agent/references
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/nvd-cve
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/2023.q3.1
version/liferay 7.4 ga/2023.q4.0
version/liferay 7.4 ga/7.3-update29
version/liferay 7.4 ga/7.3-update30
version/liferay 7.4 ga/7.3-update31
version/liferay 7.4 ga/7.3-update32
version/liferay 7.4 ga/7.3-update33
version/liferay 7.4 ga/7.3-update34
version/liferay 7.4 ga/7.3-update35
version/liferay 7.4 ga/7.4
version/liferay 7.4 ga/7.4-update1
version/liferay 7.4 ga/7.4-update10
version/liferay 7.4 ga/7.4-update11
version/liferay 7.4 ga/7.4-update12
version/liferay 7.4 ga/7.4-update13
version/liferay 7.4 ga/7.4-update14
version/liferay 7.4 ga/7.4-update15
version/liferay 7.4 ga/7.4-update16
version/liferay 7.4 ga/7.4-update17
version/liferay 7.4 ga/7.4-update18
version/liferay 7.4 ga/7.4-update19
version/liferay 7.4 ga/7.4-update2
version/liferay 7.4 ga/7.4-update20
version/liferay 7.4 ga/7.4-update21
version/liferay 7.4 ga/7.4-update22
version/liferay 7.4 ga/7.4-update23
version/liferay 7.4 ga/7.4-update24
version/liferay 7.4 ga/7.4-update25
version/liferay 7.4 ga/7.4-update26
version/liferay 7.4 ga/7.4-update27
version/liferay 7.4 ga/7.4-update28
version/liferay 7.4 ga/7.4-update29
version/liferay 7.4 ga/7.4-update3
version/liferay 7.4 ga/7.4-update30
version/liferay 7.4 ga/7.4-update31
version/liferay 7.4 ga/7.4-update32
version/liferay 7.4 ga/7.4-update33
version/liferay 7.4 ga/7.4-update34
version/liferay 7.4 ga/7.4-update35
version/liferay 7.4 ga/7.4-update36
version/liferay 7.4 ga/7.4-update37
version/liferay 7.4 ga/7.4-update38
version/liferay 7.4 ga/7.4-update39
version/liferay 7.4 ga/7.4-update4
version/liferay 7.4 ga/7.4-update40
version/liferay 7.4 ga/7.4-update41
version/liferay 7.4 ga/7.4-update42
version/liferay 7.4 ga/7.4-update43
version/liferay 7.4 ga/7.4-update44
version/liferay 7.4 ga/7.4-update45
version/liferay 7.4 ga/7.4-update46
version/liferay 7.4 ga/7.4-update47
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update49
version/liferay 7.4 ga/7.4-update5
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update51
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update53
version/liferay 7.4 ga/7.4-update54
version/liferay 7.4 ga/7.4-update55
version/liferay 7.4 ga/7.4-update56
version/liferay 7.4 ga/7.4-update57
version/liferay 7.4 ga/7.4-update58
version/liferay 7.4 ga/7.4-update59
version/liferay 7.4 ga/7.4-update6
version/liferay 7.4 ga/7.4-update60
version/liferay 7.4 ga/7.4-update61
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update63
version/liferay 7.4 ga/7.4-update64
version/liferay 7.4 ga/7.4-update65
version/liferay 7.4 ga/7.4-update66
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update68
version/liferay 7.4 ga/7.4-update69
version/liferay 7.4 ga/7.4-update7
version/liferay 7.4 ga/7.4-update70
version/liferay 7.4 ga/7.4-update71
version/liferay 7.4 ga/7.4-update72
version/liferay 7.4 ga/7.4-update73
version/liferay 7.4 ga/7.4-update74
version/liferay 7.4 ga/7.4-update75
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update77
version/liferay 7.4 ga/7.4-update78
version/liferay 7.4 ga/7.4-update79
version/liferay 7.4 ga/7.4-update8
version/liferay 7.4 ga/7.4-update80
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4-update86
version/liferay 7.4 ga/7.4-update87
version/liferay 7.4 ga/7.4-update88
version/liferay 7.4 ga/7.4-update89
version/liferay 7.4 ga/7.4-update9
version/liferay 7.4 ga/7.4-update90
version/liferay 7.4 ga/7.4-update91
version/liferay 7.4 ga/7.4-update92
version/liferay 7.4 ga/7.4.0
package-manager/maven