CVE-2019-16891
First published: Fri Oct 04 2019(Updated: )
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | <=6.0.6 | |
| Liferay 7.4 GA | =6.1.0-b1 | |
| Liferay 7.4 GA | =6.1.0-b2 | |
| Liferay 7.4 GA | =6.1.0-b3 | |
| Liferay 7.4 GA | =6.1.0-b4 | |
| Liferay 7.4 GA | =6.1.0-ga1 | |
| Liferay 7.4 GA | =6.1.0-rc1 | |
| Liferay 7.4 GA | =6.1.1-ga2 | |
| Liferay 7.4 GA | =6.1.2-ga3 | |
| Liferay 7.4 GA | =6.2.0-b1 | |
| Liferay 7.4 GA | =6.2.0-b2 | |
| Liferay 7.4 GA | =6.2.0-ga1 | |
| Liferay 7.4 GA | =6.2.0-m1 | |
| Liferay 7.4 GA | =6.2.0-m2 | |
| Liferay 7.4 GA | =6.2.0-m3 | |
| Liferay 7.4 GA | =6.2.0-m4 | |
| Liferay 7.4 GA | =6.2.0-m5 | |
| Liferay 7.4 GA | =6.2.0-m6 | |
| Liferay 7.4 GA | =6.2.0-rc1 | |
| Liferay 7.4 GA | =6.2.0-rc2 | |
| Liferay 7.4 GA | =6.2.0-rc3 | |
| Liferay 7.4 GA | =6.2.0-rc4 | |
| Liferay 7.4 GA | =6.2.0-rc5 | |
| Liferay 7.4 GA | =6.2.0-rc6 | |
| Liferay 7.4 GA | =6.2.1-ga2 | |
| Liferay 7.4 GA | =6.2.2-ga3 | |
| Liferay 7.4 GA | =6.2.3-ga4 | |
| Liferay 7.4 GA | =6.2.4-ga5 | |
| Liferay 7.4 GA | =6.2.5-ga6 | |
| Liferay 7.4 GA | =7.0.0-a1 | |
| Liferay 7.4 GA | =7.0.0-a2 | |
| Liferay 7.4 GA | =7.0.0-a3 | |
| Liferay 7.4 GA | =7.0.0-a4 | |
| Liferay 7.4 GA | =7.0.0-a5 | |
| Liferay 7.4 GA | =7.0.0-b1 | |
| Liferay 7.4 GA | =7.0.0-b2 | |
| Liferay 7.4 GA | =7.0.0-b3 | |
| Liferay 7.4 GA | =7.0.0-b4 | |
| Liferay 7.4 GA | =7.0.0-b5 | |
| Liferay 7.4 GA | =7.0.0-b6 | |
| Liferay 7.4 GA | =7.0.0-b7 | |
| Liferay 7.4 GA | =7.0.0-ga1 | |
| Liferay 7.4 GA | =7.0.0-m1 | |
| Liferay 7.4 GA | =7.0.0-m2 | |
| Liferay 7.4 GA | =7.0.0-m3 | |
| Liferay 7.4 GA | =7.0.0-m4 | |
| Liferay 7.4 GA | =7.0.0-m5 | |
| Liferay 7.4 GA | =7.0.0-m6 | |
| Liferay 7.4 GA | =7.0.0-m7 | |
| Liferay 7.4 GA | =7.0.1-ga2 | |
| Liferay 7.4 GA | =7.0.2-ga3 | |
| Liferay 7.4 GA | =7.0.3-ga4 | |
| Liferay 7.4 GA | =7.0.4-ga5 | |
| Liferay 7.4 GA | =7.0.5-ga6 | |
| Liferay 7.4 GA | =7.0.6-ga7 | |
| Liferay 7.4 GA | =7.1.0-a1 | |
| Liferay 7.4 GA | =7.1.0-a2 | |
| Liferay 7.4 GA | =7.1.0-b1 | |
| Liferay 7.4 GA | =7.1.0-b2 | |
| Liferay 7.4 GA | =7.1.0-b3 | |
| Liferay 7.4 GA | =7.1.0-ga1 | |
| Liferay 7.4 GA | =7.1.0-m1 | |
| Liferay 7.4 GA | =7.1.0-m2 | |
| Liferay 7.4 GA | =7.1.0-rc1 | |
| Liferay 7.4 GA | =7.1.1-ga2 | |
| Liferay 7.4 GA | =7.1.2-ga3 | |
| Liferay 7.4 GA | =7.1.3-ga4 | |
| Liferay 7.4 GA | =7.2.0-alpha1 | |
| Liferay 7.4 GA | =7.2.0-beta1 | |
| Liferay 7.4 GA | =7.2.0-beta2 | |
| Liferay 7.4 GA | =7.2.0-beta3 | |
| Liferay 7.4 GA | =7.2.0-m2 | |
| Liferay 7.4 GA | =7.2.0-rc1 | |
| Liferay 7.4 GA | =7.2.0-rc2 | |
| Liferay 7.4 GA | =7.2.0-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-16891?
CVE-2019-16891 is classified as a critical severity vulnerability allowing remote command execution.
How do I fix CVE-2019-16891?
To fix CVE-2019-16891, users should update their Liferay Portal to version 6.2.6 or higher.
What is the impact of CVE-2019-16891?
CVE-2019-16891 allows attackers to execute arbitrary commands on the server, leading to potential data breaches and system compromise.
Which versions of Liferay are affected by CVE-2019-16891?
Liferay Portal CE versions prior to 6.2.6 are vulnerable to CVE-2019-16891.
Is CVE-2019-16891 exploitable remotely?
Yes, CVE-2019-16891 is exploitable remotely, allowing attackers to target vulnerable instances over the internet.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/liferay
- canonical/liferay 7.4 ga
- version/liferay 7.4 ga/6.0.6
- version/liferay 7.4 ga/6.1.0-b1
- version/liferay 7.4 ga/6.1.0-b2
- version/liferay 7.4 ga/6.1.0-b3
- version/liferay 7.4 ga/6.1.0-b4
- version/liferay 7.4 ga/6.1.0-ga1
- version/liferay 7.4 ga/6.1.0-rc1
- version/liferay 7.4 ga/6.1.1-ga2
- version/liferay 7.4 ga/6.1.2-ga3
- version/liferay 7.4 ga/6.2.0-b1
- version/liferay 7.4 ga/6.2.0-b2
- version/liferay 7.4 ga/6.2.0-ga1
- version/liferay 7.4 ga/6.2.0-m1
- version/liferay 7.4 ga/6.2.0-m2
- version/liferay 7.4 ga/6.2.0-m3
- version/liferay 7.4 ga/6.2.0-m4
- version/liferay 7.4 ga/6.2.0-m5
- version/liferay 7.4 ga/6.2.0-m6
- version/liferay 7.4 ga/6.2.0-rc1
- version/liferay 7.4 ga/6.2.0-rc2
- version/liferay 7.4 ga/6.2.0-rc3
- version/liferay 7.4 ga/6.2.0-rc4
- version/liferay 7.4 ga/6.2.0-rc5
- version/liferay 7.4 ga/6.2.0-rc6
- version/liferay 7.4 ga/6.2.1-ga2
- version/liferay 7.4 ga/6.2.2-ga3
- version/liferay 7.4 ga/6.2.3-ga4
- version/liferay 7.4 ga/6.2.4-ga5
- version/liferay 7.4 ga/6.2.5-ga6
- version/liferay 7.4 ga/7.0.0-a1
- version/liferay 7.4 ga/7.0.0-a2
- version/liferay 7.4 ga/7.0.0-a3
- version/liferay 7.4 ga/7.0.0-a4
- version/liferay 7.4 ga/7.0.0-a5
- version/liferay 7.4 ga/7.0.0-b1
- version/liferay 7.4 ga/7.0.0-b2
- version/liferay 7.4 ga/7.0.0-b3
- version/liferay 7.4 ga/7.0.0-b4
- version/liferay 7.4 ga/7.0.0-b5
- version/liferay 7.4 ga/7.0.0-b6
- version/liferay 7.4 ga/7.0.0-b7
- version/liferay 7.4 ga/7.0.0-ga1
- version/liferay 7.4 ga/7.0.0-m1
- version/liferay 7.4 ga/7.0.0-m2
- version/liferay 7.4 ga/7.0.0-m3
- version/liferay 7.4 ga/7.0.0-m4
- version/liferay 7.4 ga/7.0.0-m5
- version/liferay 7.4 ga/7.0.0-m6
- version/liferay 7.4 ga/7.0.0-m7
- version/liferay 7.4 ga/7.0.1-ga2
- version/liferay 7.4 ga/7.0.2-ga3
- version/liferay 7.4 ga/7.0.3-ga4
- version/liferay 7.4 ga/7.0.4-ga5
- version/liferay 7.4 ga/7.0.5-ga6
- version/liferay 7.4 ga/7.0.6-ga7
- version/liferay 7.4 ga/7.1.0-a1
- version/liferay 7.4 ga/7.1.0-a2
- version/liferay 7.4 ga/7.1.0-b1
- version/liferay 7.4 ga/7.1.0-b2
- version/liferay 7.4 ga/7.1.0-b3
- version/liferay 7.4 ga/7.1.0-ga1
- version/liferay 7.4 ga/7.1.0-m1
- version/liferay 7.4 ga/7.1.0-m2
- version/liferay 7.4 ga/7.1.0-rc1
- version/liferay 7.4 ga/7.1.1-ga2
- version/liferay 7.4 ga/7.1.2-ga3
- version/liferay 7.4 ga/7.1.3-ga4
- version/liferay 7.4 ga/7.2.0-alpha1
- version/liferay 7.4 ga/7.2.0-beta1
- version/liferay 7.4 ga/7.2.0-beta2
- version/liferay 7.4 ga/7.2.0-beta3
- version/liferay 7.4 ga/7.2.0-m2
- version/liferay 7.4 ga/7.2.0-rc1
- version/liferay 7.4 ga/7.2.0-rc2
- version/liferay 7.4 ga/7.2.0-rc3