Liferay Portal Deserialization of Untrusted Data Vulnerability - CVE-2020-15842 - Vulnerability Database

Liferay Portal Deserialization of Untrusted Data Vulnerability - CVE-2020-15842

High

Reference: CVE-2020-15842

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-15842

Title: Liferay Portal Deserialization of Untrusted Data Vulnerability

Overview:

Liferay Portal before 7.3.0 and Liferay DXP 7.0 before fix pack 90 7.1 before fix pack 17 and 7.2 before fix pack 5 allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads because of insecure deserialization.