Vulnerabilities > CVE-2020-7961 - Deserialization of Untrusted Data vulnerability in Liferay Portal

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
liferay
CWE-502
critical
exploit available
metasploit

Summary

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:48332
last seen2020-04-16
modified2020-04-16
published2020-04-16
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/48332
titleLiferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)

Metasploit

descriptionThis module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.
idMSF:EXPLOIT/MULTI/HTTP/LIFERAY_JAVA_UNMARSHALLING
last seen2020-06-14
modified2020-04-22
published2020-04-08
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/liferay_java_unmarshalling.rb
titleLiferay Portal Java Unmarshalling via JSONWS RCE

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/157254/liferay_java_unmarshalling.rb.txt
idPACKETSTORM:157254
last seen2020-04-20
published2020-04-15
reporterMarkus Wulftange
sourcehttps://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
titleLiferay Portal Java Unmarshalling Remote Code Execution