Liferay Portal Deserialization of Untrusted Data Vulnerability - CVE-2020-15842 - Vulnerability Database

Liferay Portal Deserialization of Untrusted Data Vulnerability - CVE-2020-15842

High
Reference: CVE-2020-15842
Title: Liferay Portal Deserialization of Untrusted Data Vulnerability
Overview:

Liferay Portal before 7.3.0 and Liferay DXP 7.0 before fix pack 90 7.1 before fix pack 17 and 7.2 before fix pack 5 allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads because of insecure deserialization.