TROYANOSYVIRUS
Retour aux CVEs

CVE-2020-7961

CRITICALCISA KEV
9.8

Description

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/20/2020
Derniere modification11/7/2025
Sourcekev
Observations honeypot0

CISA KEV

FournisseurLiferay
ProduitLiferay Portal
Nom vulnerabiliteLiferay Portal Deserialization of Untrusted Data Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown

Produits affectes

liferay:liferay_portal

Faiblesses (CWE)

CWE-502CWE-502

References

http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html(cve@mitre.org)
http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html(cve@mitre.org)
https://portal.liferay.dev/learn/security/known-vulnerabilities(cve@mitre.org)
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271(cve@mitre.org)
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/(cve@mitre.org)
http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://portal.liferay.dev/learn/security/known-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271(af854a3a-2127-422b-91ae-364da2661108)
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-7961(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.