Multiple simple RCE vulnerabilities in Liferay Portal (CVE-2020-7961), reported by Code White ("Liferay Portal JSON Web Service RCE Vulnerabilities"), affect both the Enterprise and the Community Edition.
Code White has found multiple critical-rated JSON deserialization vulnerabilities affecting Liferay Portal versions 6.1, 6.2, 7.0, 7.1, and 7.2. They allow unauthenticated remote code execution via the JSON web services API.
According to the article, "Fixpacks are only available for the Enterprise Edition (EE) and not for the Community Edition (CE)."
Henry Chen delivers a non-public POC:
There are a total of 33,000 installations indexed worldwide (via binaryedge):
References:
- Liferay: CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981)
- Liferay: CST-7205: Unauthenticated Remote code execution via JSONWS (LPS-97029/CVE-2020-7961)
Questions? Contact: info@zero.bs