CVE-2020-7961


CVSS 9.8 CRITICAL · EPSS 99.8% · KEV · CWE-502
In short

Liferay Portal versions before 7.2.1 CE GA2 have a flaw that allows attackers to run malicious code by sending specially crafted requests to its JSON web services. This happens because the system deserializes untrusted data without proper validation.

Technical detail

A CWE-502 deserialization vulnerability in the Liferay JSONWS endpoint enables remote code execution when untrusted serialized objects are processed without validation. The attack vector is network-based, requires no authentication precondition on exposed JSONWS services, and results in complete system compromise.

Summary generated and translated by AI from the official description.
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
