Description

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.

Remediation

References

CVE-2020-15842

Related Vulnerabilities

Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9576)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43708)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-1428)

phpBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2003-1530)

WordPress Plugin Search Unleashed 'Log' Function HTML Injection (0.2.10)

Severity

High

Classification

CVE-2020-15842 CWE-502

Tags

Missing Update Known Vulnerabilities