CVE-2020-15842

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
liferaydigital_experience_platform
7.0
liferaydigital_experience_platform
7.0:fix_pack_13
liferaydigital_experience_platform
7.0:fix_pack_14
liferaydigital_experience_platform
7.0:fix_pack_24
liferaydigital_experience_platform
7.0:fix_pack_25
liferaydigital_experience_platform
7.0:fix_pack_26
liferaydigital_experience_platform
7.0:fix_pack_27
liferaydigital_experience_platform
7.0:fix_pack_28
liferaydigital_experience_platform
7.0:fix_pack_3
liferaydigital_experience_platform
7.0:fix_pack_30
liferaydigital_experience_platform
7.0:fix_pack_33
liferaydigital_experience_platform
7.0:fix_pack_35
liferaydigital_experience_platform
7.0:fix_pack_36
liferaydigital_experience_platform
7.0:fix_pack_39
liferaydigital_experience_platform
7.0:fix_pack_40
liferaydigital_experience_platform
7.0:fix_pack_41
liferaydigital_experience_platform
7.0:fix_pack_42
liferaydigital_experience_platform
7.0:fix_pack_43
liferaydigital_experience_platform
7.0:fix_pack_44
liferaydigital_experience_platform
7.0:fix_pack_45
liferaydigital_experience_platform
7.0:fix_pack_46
liferaydigital_experience_platform
7.0:fix_pack_47
liferaydigital_experience_platform
7.0:fix_pack_48
liferaydigital_experience_platform
7.0:fix_pack_49
liferaydigital_experience_platform
7.0:fix_pack_50
liferaydigital_experience_platform
7.0:fix_pack_51
liferaydigital_experience_platform
7.0:fix_pack_52
liferaydigital_experience_platform
7.0:fix_pack_53
liferaydigital_experience_platform
7.0:fix_pack_54
liferaydigital_experience_platform
7.0:fix_pack_56
liferaydigital_experience_platform
7.0:fix_pack_57
liferaydigital_experience_platform
7.0:fix_pack_58
liferaydigital_experience_platform
7.0:fix_pack_59
liferaydigital_experience_platform
7.0:fix_pack_60
liferaydigital_experience_platform
7.0:fix_pack_61
liferaydigital_experience_platform
7.0:fix_pack_64
liferaydigital_experience_platform
7.0:fix_pack_65
liferaydigital_experience_platform
7.0:fix_pack_66
liferaydigital_experience_platform
7.0:fix_pack_67
liferaydigital_experience_platform
7.0:fix_pack_68
liferaydigital_experience_platform
7.0:fix_pack_69
liferaydigital_experience_platform
7.0:fix_pack_70
liferaydigital_experience_platform
7.0:fix_pack_71
liferaydigital_experience_platform
7.0:fix_pack_72
liferaydigital_experience_platform
7.0:fix_pack_73
liferaydigital_experience_platform
7.0:fix_pack_75
liferaydigital_experience_platform
7.0:fix_pack_76
liferaydigital_experience_platform
7.0:fix_pack_78
liferaydigital_experience_platform
7.0:fix_pack_79
liferaydigital_experience_platform
7.0:fix_pack_80
liferaydigital_experience_platform
7.0:fix_pack_81
liferaydigital_experience_platform
7.1
liferaydigital_experience_platform
7.1:fix_pack_1
liferaydigital_experience_platform
7.1:fix_pack_10
liferaydigital_experience_platform
7.1:fix_pack_11
liferaydigital_experience_platform
7.1:fix_pack_12
liferaydigital_experience_platform
7.1:fix_pack_13
liferaydigital_experience_platform
7.1:fix_pack_14
liferaydigital_experience_platform
7.1:fix_pack_15
liferaydigital_experience_platform
7.1:fix_pack_16
liferaydigital_experience_platform
7.1:fix_pack_2
liferaydigital_experience_platform
7.1:fix_pack_3
liferaydigital_experience_platform
7.1:fix_pack_4
liferaydigital_experience_platform
7.1:fix_pack_5
liferaydigital_experience_platform
7.1:fix_pack_6
liferaydigital_experience_platform
7.1:fix_pack_7
liferaydigital_experience_platform
7.1:fix_pack_8
liferaydigital_experience_platform
7.1:fix_pack_9
liferaydigital_experience_platform
7.2
liferaydigital_experience_platform
7.2:fix_pack_1
liferaydigital_experience_platform
7.2:fix_pack_2
liferaydigital_experience_platform
7.2:fix_pack_3
liferaydigital_experience_platform
7.2:fix_pack_4
liferaydigital_experience_platform
7.2:fix_pack_5
liferayliferay_portal
𝑥
< 7.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://issues.liferay.com/browse/LPE-16963
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427
https://issues.liferay.com/browse/LPE-16963
https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119317427