CVE-2020-15842
First published: Mon Jul 20 2020(Updated: )
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Liferay 7.4 GA | =7.0 | |
| Liferay 7.4 GA | =7.0-fix_pack_13 | |
| Liferay 7.4 GA | =7.0-fix_pack_14 | |
| Liferay 7.4 GA | =7.0-fix_pack_24 | |
| Liferay 7.4 GA | =7.0-fix_pack_25 | |
| Liferay 7.4 GA | =7.0-fix_pack_26 | |
| Liferay 7.4 GA | =7.0-fix_pack_27 | |
| Liferay 7.4 GA | =7.0-fix_pack_28 | |
| Liferay 7.4 GA | =7.0-fix_pack_3\+ | |
| Liferay 7.4 GA | =7.0-fix_pack_30 | |
| Liferay 7.4 GA | =7.0-fix_pack_33 | |
| Liferay 7.4 GA | =7.0-fix_pack_35 | |
| Liferay 7.4 GA | =7.0-fix_pack_36 | |
| Liferay 7.4 GA | =7.0-fix_pack_39 | |
| Liferay 7.4 GA | =7.0-fix_pack_40 | |
| Liferay 7.4 GA | =7.0-fix_pack_41 | |
| Liferay 7.4 GA | =7.0-fix_pack_42 | |
| Liferay 7.4 GA | =7.0-fix_pack_43 | |
| Liferay 7.4 GA | =7.0-fix_pack_44 | |
| Liferay 7.4 GA | =7.0-fix_pack_45 | |
| Liferay 7.4 GA | =7.0-fix_pack_46 | |
| Liferay 7.4 GA | =7.0-fix_pack_47 | |
| Liferay 7.4 GA | =7.0-fix_pack_48 | |
| Liferay 7.4 GA | =7.0-fix_pack_49 | |
| Liferay 7.4 GA | =7.0-fix_pack_50 | |
| Liferay 7.4 GA | =7.0-fix_pack_51 | |
| Liferay 7.4 GA | =7.0-fix_pack_52 | |
| Liferay 7.4 GA | =7.0-fix_pack_53 | |
| Liferay 7.4 GA | =7.0-fix_pack_54 | |
| Liferay 7.4 GA | =7.0-fix_pack_56 | |
| Liferay 7.4 GA | =7.0-fix_pack_57 | |
| Liferay 7.4 GA | =7.0-fix_pack_58 | |
| Liferay 7.4 GA | =7.0-fix_pack_59 | |
| Liferay 7.4 GA | =7.0-fix_pack_60 | |
| Liferay 7.4 GA | =7.0-fix_pack_61 | |
| Liferay 7.4 GA | =7.0-fix_pack_64 | |
| Liferay 7.4 GA | =7.0-fix_pack_65 | |
| Liferay 7.4 GA | =7.0-fix_pack_66 | |
| Liferay 7.4 GA | =7.0-fix_pack_67 | |
| Liferay 7.4 GA | =7.0-fix_pack_68 | |
| Liferay 7.4 GA | =7.0-fix_pack_69 | |
| Liferay 7.4 GA | =7.0-fix_pack_70 | |
| Liferay 7.4 GA | =7.0-fix_pack_71 | |
| Liferay 7.4 GA | =7.0-fix_pack_72 | |
| Liferay 7.4 GA | =7.0-fix_pack_73 | |
| Liferay 7.4 GA | =7.0-fix_pack_75 | |
| Liferay 7.4 GA | =7.0-fix_pack_76 | |
| Liferay 7.4 GA | =7.0-fix_pack_78 | |
| Liferay 7.4 GA | =7.0-fix_pack_79 | |
| Liferay 7.4 GA | =7.0-fix_pack_80 | |
| Liferay 7.4 GA | =7.0-fix_pack_81 | |
| Liferay 7.4 GA | =7.1 | |
| Liferay 7.4 GA | =7.1-fix_pack_1 | |
| Liferay 7.4 GA | =7.1-fix_pack_10 | |
| Liferay 7.4 GA | =7.1-fix_pack_11 | |
| Liferay 7.4 GA | =7.1-fix_pack_12 | |
| Liferay 7.4 GA | =7.1-fix_pack_13 | |
| Liferay 7.4 GA | =7.1-fix_pack_14 | |
| Liferay 7.4 GA | =7.1-fix_pack_15 | |
| Liferay 7.4 GA | =7.1-fix_pack_16 | |
| Liferay 7.4 GA | =7.1-fix_pack_2 | |
| Liferay 7.4 GA | =7.1-fix_pack_3 | |
| Liferay 7.4 GA | =7.1-fix_pack_4 | |
| Liferay 7.4 GA | =7.1-fix_pack_5 | |
| Liferay 7.4 GA | =7.1-fix_pack_6 | |
| Liferay 7.4 GA | =7.1-fix_pack_7 | |
| Liferay 7.4 GA | =7.1-fix_pack_8 | |
| Liferay 7.4 GA | =7.1-fix_pack_9 | |
| Liferay 7.4 GA | =7.2 | |
| Liferay 7.4 GA | =7.2-fix_pack_1 | |
| Liferay 7.4 GA | =7.2-fix_pack_2 | |
| Liferay 7.4 GA | =7.2-fix_pack_3 | |
| Liferay 7.4 GA | =7.2-fix_pack_4 | |
| Liferay 7.4 GA | =7.2-fix_pack_5 | |
| Liferay 7.4 GA | <7.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-15842?
CVE-2020-15842 is classified as a high severity vulnerability due to its potential for unauthorized code execution.
How do I fix CVE-2020-15842?
To fix CVE-2020-15842, upgrade to Liferay Portal version 7.3.0 or later, or apply the necessary fix packs for Liferay DXP 7.0, 7.1, and 7.2.
Who is affected by CVE-2020-15842?
CVE-2020-15842 affects Liferay Portal versions prior to 7.3.0 and Liferay DXP versions before their respective fix packs.
What type of attack does CVE-2020-15842 enable?
CVE-2020-15842 allows man-in-the-middle attackers to execute arbitrary code through insecure deserialization.
What are the impacted versions for CVE-2020-15842?
CVE-2020-15842 impacts Liferay Portal before 7.3.0 and Liferay DXP versions 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/liferay
- canonical/liferay 7.4 ga
- version/liferay 7.4 ga/7.0
- version/liferay 7.4 ga/7.0-fix_pack_13
- version/liferay 7.4 ga/7.0-fix_pack_14
- version/liferay 7.4 ga/7.0-fix_pack_24
- version/liferay 7.4 ga/7.0-fix_pack_25
- version/liferay 7.4 ga/7.0-fix_pack_26
- version/liferay 7.4 ga/7.0-fix_pack_27
- version/liferay 7.4 ga/7.0-fix_pack_28
- version/liferay 7.4 ga/7.0-fix_pack_3\+
- version/liferay 7.4 ga/7.0-fix_pack_30
- version/liferay 7.4 ga/7.0-fix_pack_33
- version/liferay 7.4 ga/7.0-fix_pack_35
- version/liferay 7.4 ga/7.0-fix_pack_36
- version/liferay 7.4 ga/7.0-fix_pack_39
- version/liferay 7.4 ga/7.0-fix_pack_40
- version/liferay 7.4 ga/7.0-fix_pack_41
- version/liferay 7.4 ga/7.0-fix_pack_42
- version/liferay 7.4 ga/7.0-fix_pack_43
- version/liferay 7.4 ga/7.0-fix_pack_44
- version/liferay 7.4 ga/7.0-fix_pack_45
- version/liferay 7.4 ga/7.0-fix_pack_46
- version/liferay 7.4 ga/7.0-fix_pack_47
- version/liferay 7.4 ga/7.0-fix_pack_48
- version/liferay 7.4 ga/7.0-fix_pack_49
- version/liferay 7.4 ga/7.0-fix_pack_50
- version/liferay 7.4 ga/7.0-fix_pack_51
- version/liferay 7.4 ga/7.0-fix_pack_52
- version/liferay 7.4 ga/7.0-fix_pack_53
- version/liferay 7.4 ga/7.0-fix_pack_54
- version/liferay 7.4 ga/7.0-fix_pack_56
- version/liferay 7.4 ga/7.0-fix_pack_57
- version/liferay 7.4 ga/7.0-fix_pack_58
- version/liferay 7.4 ga/7.0-fix_pack_59
- version/liferay 7.4 ga/7.0-fix_pack_60
- version/liferay 7.4 ga/7.0-fix_pack_61
- version/liferay 7.4 ga/7.0-fix_pack_64
- version/liferay 7.4 ga/7.0-fix_pack_65
- version/liferay 7.4 ga/7.0-fix_pack_66
- version/liferay 7.4 ga/7.0-fix_pack_67
- version/liferay 7.4 ga/7.0-fix_pack_68
- version/liferay 7.4 ga/7.0-fix_pack_69
- version/liferay 7.4 ga/7.0-fix_pack_70
- version/liferay 7.4 ga/7.0-fix_pack_71
- version/liferay 7.4 ga/7.0-fix_pack_72
- version/liferay 7.4 ga/7.0-fix_pack_73
- version/liferay 7.4 ga/7.0-fix_pack_75
- version/liferay 7.4 ga/7.0-fix_pack_76
- version/liferay 7.4 ga/7.0-fix_pack_78
- version/liferay 7.4 ga/7.0-fix_pack_79
- version/liferay 7.4 ga/7.0-fix_pack_80
- version/liferay 7.4 ga/7.0-fix_pack_81
- version/liferay 7.4 ga/7.1
- version/liferay 7.4 ga/7.1-fix_pack_1
- version/liferay 7.4 ga/7.1-fix_pack_10
- version/liferay 7.4 ga/7.1-fix_pack_11
- version/liferay 7.4 ga/7.1-fix_pack_12
- version/liferay 7.4 ga/7.1-fix_pack_13
- version/liferay 7.4 ga/7.1-fix_pack_14
- version/liferay 7.4 ga/7.1-fix_pack_15
- version/liferay 7.4 ga/7.1-fix_pack_16
- version/liferay 7.4 ga/7.1-fix_pack_2
- version/liferay 7.4 ga/7.1-fix_pack_3
- version/liferay 7.4 ga/7.1-fix_pack_4
- version/liferay 7.4 ga/7.1-fix_pack_5
- version/liferay 7.4 ga/7.1-fix_pack_6
- version/liferay 7.4 ga/7.1-fix_pack_7
- version/liferay 7.4 ga/7.1-fix_pack_8
- version/liferay 7.4 ga/7.1-fix_pack_9
- version/liferay 7.4 ga/7.2
- version/liferay 7.4 ga/7.2-fix_pack_1
- version/liferay 7.4 ga/7.2-fix_pack_2
- version/liferay 7.4 ga/7.2-fix_pack_3
- version/liferay 7.4 ga/7.2-fix_pack_4
- version/liferay 7.4 ga/7.2-fix_pack_5