module
Liferay Portal Java Unmarshalling via JSONWS RCE
| Disclosed |
|---|
| Nov 25, 2019 |
Disclosed
Nov 25, 2019
Description
This module exploits a Java unmarshalling vulnerability via JSONWS in
Liferay Portal versions GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.
Liferay Portal versions GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.