Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:45:45.156Z

Reserved: 2020-01-24T00:00:00.000Z

Link: CVE-2020-7961

cve-icon Vulnrichment

Updated: 2024-08-04T09:48:24.538Z

cve-icon NVD

Status : Analyzed

Published: 2020-03-20T19:15:12.737

Modified: 2025-03-14T20:38:00.083

Link: CVE-2020-7961

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.