Description
In Liferay Portal 7.2.1 and earlier, a Java deserialization vulnerability exists when the portal is clustered. Communication between the nodes can be intercepted and modified. This may result in information leakage and remote code execution.
Severity
Severity 1
Fixed Version(s)
- Liferay Portal 7.2.1
- June 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Publication date: Tue, 09 Jun 2020 02:00:00 +0000