CVE-2019-16891

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Published: Oct 4, 2019
Updated: May 9, 2024
CVE: CVE-2019-16891
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
liferay / liferay_portal	7.1.0-a1	7.1.0-a1.x
liferay / liferay_portal	7.1.0-a2	7.1.0-a2.x
liferay / liferay_portal	7.1.0-b1	7.1.0-b1.x
liferay / liferay_portal	7.1.0-b2	7.1.0-b2.x
liferay / liferay_portal	7.1.0-b3	7.1.0-b3.x
liferay / liferay_portal	7.1.0-ga1	7.1.0-ga1.x
liferay / liferay_portal	7.1.0-m1	7.1.0-m1.x
liferay / liferay_portal	7.1.0-m2	7.1.0-m2.x
liferay / liferay_portal	7.1.0-rc1	7.1.0-rc1.x
liferay / liferay_portal	7.0.6-ga7	7.0.6-ga7.x
liferay / liferay_portal	7.0.5-ga6	7.0.5-ga6.x
liferay / liferay_portal	7.0.4-ga5	7.0.4-ga5.x
liferay / liferay_portal	7.0.3-ga4	7.0.3-ga4.x
liferay / liferay_portal	7.0.2-ga3	7.0.2-ga3.x
liferay / liferay_portal	7.0.1-ga2	7.0.1-ga2.x
liferay / liferay_portal	7.0.0-a1	7.0.0-a1.x
liferay / liferay_portal	7.0.0-a2	7.0.0-a2.x
liferay / liferay_portal	7.0.0-a3	7.0.0-a3.x
liferay / liferay_portal	7.0.0-a4	7.0.0-a4.x
liferay / liferay_portal	7.0.0-a5	7.0.0-a5.x
liferay / liferay_portal	7.0.0-b1	7.0.0-b1.x
liferay / liferay_portal	7.0.0-b2	7.0.0-b2.x
liferay / liferay_portal	7.0.0-b3	7.0.0-b3.x
liferay / liferay_portal	7.0.0-b4	7.0.0-b4.x
liferay / liferay_portal	7.0.0-b5	7.0.0-b5.x
liferay / liferay_portal	7.0.0-b6	7.0.0-b6.x
liferay / liferay_portal	7.0.0-b7	7.0.0-b7.x
liferay / liferay_portal	7.0.0-ga1	7.0.0-ga1.x
liferay / liferay_portal	7.0.0-m1	7.0.0-m1.x
liferay / liferay_portal	7.0.0-m2	7.0.0-m2.x
liferay / liferay_portal	7.0.0-m3	7.0.0-m3.x
liferay / liferay_portal	7.0.0-m4	7.0.0-m4.x
liferay / liferay_portal	7.0.0-m5	7.0.0-m5.x
liferay / liferay_portal	7.0.0-m6	7.0.0-m6.x
liferay / liferay_portal	7.0.0-m7	7.0.0-m7.x
liferay / liferay_portal	6.2.5-ga6	6.2.5-ga6.x
liferay / liferay_portal	6.2.4-ga5	6.2.4-ga5.x
liferay / liferay_portal	6.2.3-ga4	6.2.3-ga4.x
liferay / liferay_portal	6.2.2-ga3	6.2.2-ga3.x
liferay / liferay_portal	6.2.1-ga2	6.2.1-ga2.x
liferay / liferay_portal	6.2.0-b1	6.2.0-b1.x
liferay / liferay_portal	6.2.0-b2	6.2.0-b2.x
liferay / liferay_portal	6.2.0-ga1	6.2.0-ga1.x
liferay / liferay_portal	6.2.0-m1	6.2.0-m1.x
liferay / liferay_portal	6.2.0-m2	6.2.0-m2.x
liferay / liferay_portal	6.2.0-m3	6.2.0-m3.x
liferay / liferay_portal	6.2.0-m4	6.2.0-m4.x
liferay / liferay_portal	6.2.0-m5	6.2.0-m5.x
liferay / liferay_portal	6.2.0-m6	6.2.0-m6.x
liferay / liferay_portal	6.2.0-rc1	6.2.0-rc1.x
liferay / liferay_portal	6.2.0-rc2	6.2.0-rc2.x
liferay / liferay_portal	6.2.0-rc3	6.2.0-rc3.x
liferay / liferay_portal	6.2.0-rc4	6.2.0-rc4.x
liferay / liferay_portal	6.2.0-rc5	6.2.0-rc5.x
liferay / liferay_portal	6.2.0-rc6	6.2.0-rc6.x
liferay / liferay_portal	6.1.2-ga3	6.1.2-ga3.x
liferay / liferay_portal	6.1.1-ga2	6.1.1-ga2.x
liferay / liferay_portal	6.1.0-b1	6.1.0-b1.x
liferay / liferay_portal	6.1.0-b2	6.1.0-b2.x
liferay / liferay_portal	6.1.0-b3	6.1.0-b3.x
liferay / liferay_portal	6.1.0-b4	6.1.0-b4.x
liferay / liferay_portal	6.1.0-ga1	6.1.0-ga1.x
liferay / liferay_portal	6.1.0-rc1	6.1.0-rc1.x
liferay / liferay_portal	-	6.0.6.x
liferay / liferay_portal	7.1.1-ga2	7.1.1-ga2.x
liferay / liferay_portal	7.1.2-ga3	7.1.2-ga3.x
liferay / liferay_portal	7.1.3-ga4	7.1.3-ga4.x
liferay / liferay_portal	7.2.0-alpha1	7.2.0-alpha1.x
liferay / liferay_portal	7.2.0-beta1	7.2.0-beta1.x
liferay / liferay_portal	7.2.0-beta2	7.2.0-beta2.x
liferay / liferay_portal	7.2.0-beta3	7.2.0-beta3.x
liferay / liferay_portal	7.2.0-rc2	7.2.0-rc2.x
liferay / liferay_portal	7.2.0-rc3	7.2.0-rc3.x
liferay / liferay_portal	7.2.0-m2	7.2.0-m2.x
liferay / liferay_portal	7.2.0-rc1	7.2.0-rc1.x

Vulnerability Database

290,020

CVE-2019-16891