Published: 04/10/2019 Updated: 24/02/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 670

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Liferay Portal

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Vulnerable Product	Search on Vulmon	Subscribe to Product
liferay liferay portal 7.1.0
liferay liferay portal 7.0.6
liferay liferay portal 7.0.5
liferay liferay portal 7.0.4
liferay liferay portal 7.0.3
liferay liferay portal 7.0.2
liferay liferay portal 7.0.1
liferay liferay portal 7.0.0
liferay liferay portal 6.2.5
liferay liferay portal 6.2.4
liferay liferay portal 6.2.3
liferay liferay portal 6.2.2
liferay liferay portal 6.2.1
liferay liferay portal 6.2.0
liferay liferay portal 6.1.2
liferay liferay portal 6.1.1
liferay liferay portal 6.1.0
liferay liferay portal
liferay liferay portal 7.1.1
liferay liferay portal 7.1.2
liferay liferay portal 7.1.3
liferay liferay portal 7.2.0

CWE-502 https://www.youtube.com/watch?v=DjMEfQW3bf0 https://sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4/https://www.liferay.com/downloads-community https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook