← Back

CVE-2019-16891

nvd nist
Published: Oct 4, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Affected (75)

Liferay
1 product
Liferay Portal
Configuration A
75 vulnerable
Vulnerable SoftwareAffected Versions
Liferay
Liferay Portal
Up to 6.0.6
Liferay Portal
Version 6.1.0 b1
Liferay Portal
Version 6.1.0 b2
Liferay Portal
Version 6.1.0 b3
Liferay Portal
Version 6.1.0 b4
Liferay Portal
Version 6.1.0 ga1
Liferay Portal
Version 6.1.0 rc1
Liferay Portal
Version 6.1.1 ga2
Liferay Portal
Version 6.1.2 ga3
Liferay Portal
Version 6.2.0 b1
Liferay Portal
Version 6.2.0 b2
Liferay Portal
Version 6.2.0 ga1
Liferay Portal
Version 6.2.0 m1
Liferay Portal
Version 6.2.0 m2
Liferay Portal
Version 6.2.0 m3
Liferay Portal
Version 6.2.0 m4
Liferay Portal
Version 6.2.0 m5
Liferay Portal
Version 6.2.0 m6
Liferay Portal
Version 6.2.0 rc1
Liferay Portal
Version 6.2.0 rc2
Liferay Portal
Version 6.2.0 rc3
Liferay Portal
Version 6.2.0 rc4
Liferay Portal
Version 6.2.0 rc5
Liferay Portal
Version 6.2.0 rc6
Liferay Portal
Version 6.2.1 ga2
Liferay Portal
Version 6.2.2 ga3
Liferay Portal
Version 6.2.3 ga4
Liferay Portal
Version 6.2.4 ga5
Liferay Portal
Version 6.2.5 ga6
Liferay Portal
Version 7.0.0 a1
Liferay Portal
Version 7.0.0 a2
Liferay Portal
Version 7.0.0 a3
Liferay Portal
Version 7.0.0 a4
Liferay Portal
Version 7.0.0 a5
Liferay Portal
Version 7.0.0 b1
Liferay Portal
Version 7.0.0 b2
Liferay Portal
Version 7.0.0 b3
Liferay Portal
Version 7.0.0 b4
Liferay Portal
Version 7.0.0 b5
Liferay Portal
Version 7.0.0 b6
Liferay Portal
Version 7.0.0 b7
Liferay Portal
Version 7.0.0 ga1
Liferay Portal
Version 7.0.0 m1
Liferay Portal
Version 7.0.0 m2
Liferay Portal
Version 7.0.0 m3
Liferay Portal
Version 7.0.0 m4
Liferay Portal
Version 7.0.0 m5
Liferay Portal
Version 7.0.0 m6
Liferay Portal
Version 7.0.0 m7
Liferay Portal
Version 7.0.1 ga2
Liferay Portal
Version 7.0.2 ga3
Liferay Portal
Version 7.0.3 ga4
Liferay Portal
Version 7.0.4 ga5
Liferay Portal
Version 7.0.5 ga6
Liferay Portal
Version 7.0.6 ga7
Liferay Portal
Version 7.1.0 a1
Liferay Portal
Version 7.1.0 a2
Liferay Portal
Version 7.1.0 b1
Liferay Portal
Version 7.1.0 b2
Liferay Portal
Version 7.1.0 b3
Liferay Portal
Version 7.1.0 ga1
Liferay Portal
Version 7.1.0 m1
Liferay Portal
Version 7.1.0 m2
Liferay Portal
Version 7.1.0 rc1
Liferay Portal
Version 7.1.1 ga2
Liferay Portal
Version 7.1.2 ga3
Liferay Portal
Version 7.1.3 ga4
Liferay Portal
Version 7.2.0 alpha1
Liferay Portal
Version 7.2.0 beta1
Liferay Portal
Version 7.2.0 beta2
Liferay Portal
Version 7.2.0 beta3
Liferay Portal
Version 7.2.0 m2
Liferay Portal
Version 7.2.0 rc1
Liferay Portal
Version 7.2.0 rc2
Liferay Portal
Version 7.2.0 rc3

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (8)

Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
ProductRelease Notes
Source: cve@mitre.org
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductRelease Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit

Timeline

No history available yet.