CVE-2020-7961

Sažetak

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Reference

http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html
https://portal.liferay.dev/learn/security/known-vulnerabilities
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html
https://portal.liferay.dev/learn/security/known-vulnerabilities
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7961

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2025 - 22:04

Objavljeno

20-03-2020 - 19:15