Critical severityCISA KEVNVD Advisory· Published Mar 20, 2020· Updated Oct 21, 2025
CVE-2020-7961
CVE-2020-7961
Description
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.liferay.portal:com.liferay.portal.kernelMaven | < 4.35.3 | 4.35.3 |
Affected products
2- Liferay/Liferay Portaldescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-w7pm-cc4v-f3g8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7961ghsaADVISORY
- packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.htmlghsax_refsource_MISCWEB
- packetstormsecurity.com/files/158392/Liferay-Portal-Remote-Code-Execution.htmlghsax_refsource_MISCWEB
- github.com/liferay/liferay-portal/blob/7.2.1-ga2/portal-kernel/bnd.bndghsaWEB
- portal.liferay.dev/learn/security/known-vulnerabilitiesghsax_refsource_MISCWEB
- portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271ghsax_refsource_CONFIRMWEB
- research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnetghsaWEB
- research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/mitrex_refsource_MISC
- www.cisa.gov/known-exploited-vulnerabilities-catalogghsaWEB
News mentions
0No linked articles in our index yet.