CVE-2020-15842 HIGH

CVE-2020-15842

Vendor N/A
Product n/a
Published July 20, 2020
Last update August 4, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

What the vulnerability does

01Description

Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.

Key dates

02Disclosure timeline

July 20, 2020 CVE published
August 4, 2024 Record updated