Liferay Portal - Remote Code Execution CVE-2020-7961
- CVSSv3 Score
- Vulnerability description
Liferay Portal server is vulnerable to CVE-2020-7961, a Remote Code Injection vulnerability affecting multiple methods found in the
The root cause of this vulnerability is the improper deserialization of untrusted data provided by the user. A remote unauthenticated attacker can perform remote class loading through deserialization via a malicious machine that serves specially crafted Java class files that run arbitrary code on the target.
- Risk description
A remote unauthenticated attacker can fully compromise the Liferay Server to steal confidential information, install ransomware, or pivot to the internal network.
- Exploit capabilities
Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.
Apply the latest updates for the Liferay Server.
- Not available