CVE-2020-7961 Scanner
CVE-2020-7961 scanner - Code Injection vulnerability in Liferay Portal
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 30 seconds
Time Interval: 4 weeks
Scan only one: URL
Toolbox: -
Liferay Portal is a web-based platform that allows users to build and manage customizable digital experiences, such as websites, portals, and intranets. It is designed to simplify the development and delivery of enterprise web applications by providing a suite of tools and resources for creating rich, dynamic, and engaging online environments. With a user-friendly interface and extensive functionality, Liferay Portal is a popular choice for businesses and organizations seeking to enhance their online presence and streamline their digital processes.
However, Liferay Portal prior to 7.2.1 CE GA2 is vulnerable to a critical security issue tracked as CVE-2020-7961. The vulnerability arises from improper handling of untrusted data that is deserialized by the JSON web services (JSONWS), which allows remote attackers to execute arbitrary code on the affected system. An attacker exploits it by sending a specially crafted payload to the target system, which then executes the attacker's code in the context of the application server, potentially leading to remote code execution, privilege escalation, and other forms of cyberattacks.
The exploitation of CVE-2020-7961 can result in severe consequences for organizations, compromising the confidentiality, integrity, and availability of their data and systems. Sensitive information could be stolen or damaged, and critical resources could be locked, disrupted, or destroyed. Moreover, the exploitation of this vulnerability can lead to reputational damage, regulatory fines, legal liabilities, and other non-technical impacts, affecting the viability and sustainability of the organization.
With the pro features of the s4e.io platform, you can easily and quickly learn about vulnerabilities in your digital assets. Our platform provides comprehensive scans and assessments of your web applications, network devices, and cloud services, identifying and prioritizing risks based on their severity, exploitability, and impact. Moreover, our platform offers actionable remediation guidance, custom reporting, and integration with popular security tools, enabling you to secure your digital assets effectively and efficiently. Don't wait until the next vulnerability hits - sign up for s4e.io today and take control of your cybersecurity.
REFERENCES
- https://portal.liferay.dev/learn/security/known-vulnerabilities
- https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
- http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.html
- https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/