8.1
CVE-2020-15842
- EPSS 0.57%
- Published 20.07.2020 02:15:11
- Last modified 13.05.2025 18:17:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
Data is provided by the National Vulnerability Database (NVD)
Liferay ≫ Digital Experience Platform Version7.0 Update-
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_13
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_14
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_24
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_25
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_26
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_27
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_28
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_3
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_30
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_33
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_35
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_36
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_39
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_40
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_41
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_42
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_43
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_44
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_45
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_46
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_47
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_48
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_49
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_50
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_51
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_52
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_53
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_54
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_56
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_57
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_58
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_59
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_60
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_61
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_64
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_65
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_66
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_67
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_68
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_69
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_70
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_71
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_72
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_73
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_75
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_76
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_78
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_79
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_80
Liferay ≫ Digital Experience Platform Version7.0 Updatefix_pack_81
Liferay ≫ Digital Experience Platform Version7.1 Update-
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_1
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_10
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_11
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_12
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_13
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_14
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_15
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_16
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_2
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_3
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_4
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_5
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_6
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_7
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_8
Liferay ≫ Digital Experience Platform Version7.1 Updatefix_pack_9
Liferay ≫ Digital Experience Platform Version7.2 Update-
Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_1
Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_2
Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_3
Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_4
Liferay ≫ Digital Experience Platform Version7.2 Updatefix_pack_5
Liferay ≫ Liferay Portal Version < 7.3.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.659 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.