HTTP: Liferay Portal JSON Web Service Insecure Deserialization

This signature detects attempts to exploit a known vulnerability against Liferay Portal. A successful attack can lead to arbitrary code execution.

Extended Description

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Affected Products

Liferay liferay_portal

References

CVE: CVE-2020-7961

Short Name
HTTP:CTS:LIFERAY-PORTAL-ID
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2020-7961 Deserialization Insecure JSON Liferay Portal Service Web
Release Date
06/04/2020
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3819
False Positive
Unknown
Vendors

Liferay

CVSS Score

7.5

Found a potential security threat?