LSV-634: Java deserialization vulnerability in clustered setup

7.0 Fix Pack Version: 90

7.1 Fix Pack Version: None

7.2 Fix Pack Version: None

7.3 Fix Pack Version: None

7.4 Fix Pack Version: None

CVE IDs

CVSS Base Score

CVSS Vector String

Description

In Liferay DXP 7.2, DXP 7.1 and DXP 7.0, a Java deserialization vulnerability exists when DXP is clustered. Communication between the nodes can be intercepted and modified. This may result in information leakage and remote code execution.

https://help.liferay.com/hc/en-us/articles/360040839771

Fixed

Details

Assignee

Reporter

Priority

Components

Zendesk Support

Created February 7, 2020 at 2:20 AM
Updated November 9, 2020 at 11:52 AM
Resolved May 11, 2020 at 7:54 AM