CVE-2019-16891

Exploit

EPSS 84.81%
Published 04.10.2019 14:15:11
Last modified 21.11.2024 04:31:17
Source cve@mitre.org
Teams watchlist Login
Open Login

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Liferay ≫ Liferay Portal SwEditioncommunity Version <= 6.0.6

Liferay ≫ Liferay Portal Version6.1.0 Updateb1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.0 Updateb2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.0 Updateb3 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.0 Updateb4 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.0 Updatega1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.0 Updaterc1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.1 Updatega2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.1.2 Updatega3 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updateb1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updateb2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatega1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem3 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem4 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem5 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updatem6 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc1 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc3 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc4 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc5 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.0 Updaterc6 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.1 Updatega2 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.2 Updatega3 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.3 Updatega4 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.4 Updatega5 SwEditioncommunity

Liferay ≫ Liferay Portal Version6.2.5 Updatega6 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatea1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatea2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatea3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatea4 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatea5 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb4 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb5 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb6 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updateb7 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatega1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem4 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem5 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem6 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.0 Updatem7 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.1 Updatega2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.2 Updatega3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.3 Updatega4 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.4 Updatega5 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.5 Updatega6 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.0.6 Updatega7 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updatea1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updatea2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updateb1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updateb2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updateb3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updatega1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updatem1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updatem2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.0 Updaterc1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.1 Updatega2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.2 Updatega3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.1.3 Updatega4 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updatealpha1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updatebeta1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updatebeta2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updatebeta3 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updatem2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updaterc1 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updaterc2 SwEditioncommunity

Liferay ≫ Liferay Portal Version7.2.0 Updaterc3 SwEditioncommunity

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	84.81%	0.993

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://dappsec.substack.com/p/an-advisory-for-cve-2019-16891-from

Third Party Advisory

Exploit

https://sec.vnpt.vn/2019/09/liferay-deserialization-json-deserialization-part-4/

Third Party Advisory

Exploit

https://www.liferay.com/downloads-community

Product

Release Notes

https://www.youtube.com/watch?v=DjMEfQW3bf0

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-16891

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-16891

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-16891

EUVD