WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-15842)

Description

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.

Remediation

References

Related Vulnerabilities

WordPress Plugin WPtouch 'wptouch_redirect' Parameter URI Redirection (1.9.32)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4283)

Apache HTTP Server Other Vulnerability (CVE-2002-0654)

WordPress Plugin UserPro-Community and User Profile Cross-Site Scripting (4.9.33)

Python Files or Directories Accessible to External Parties Vulnerability (CVE-2019-13404)

Severity

High

Classification

CVE-2020-15842 CWE-502

Tags

Missing Update Known Vulnerabilities