Description

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Remediation

References

CVE-2020-7961

Related Vulnerabilities

WordPress Plugin PhonePe Payment Solutions Server-Side Request Forgery (1.0.15)

WordPress Plugin WooCommerce Cross-Site Request Forgery (2.2.2)

Drupal Other Vulnerability (CVE-2006-5475)

WordPress Plugin WP Rss Poster SQL Injection (1.0.0)

Grafana CVE-2023-4822 Vulnerability (CVE-2023-4822)

Severity

Critical

Classification

CVE-2020-7961 CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities