module

Liferay Portal Java Unmarshalling via JSONWS RCE

Name: Liferay Portal Java Unmarshalling via JSONWS RCE
Keywords: CVE, Liferay Portal Java Unmarshalling via JSONWS RCE

Try Surface Command

Back to search

Disclosed

Nov 25, 2019

Description

This module exploits a Java unmarshalling vulnerability via JSONWS in
Liferay Portal versions GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1.

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report