CVE Vulnerabilities

CVE-2019-16891

Deserialization of Untrusted Data

Published: Oct 04, 2019 | Modified: Nov 21, 2024
CVSS 3.x: 9.8 CRITICAL (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 7.5 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

Weakness

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Software

Name Vendor Start Version End Version
Liferay_portal Liferay * 6.0.6 (including)
Liferay_portal Liferay 6.1.0-b1 (including) 6.1.0-b1 (including)
Liferay_portal Liferay 6.1.0-b2 (including) 6.1.0-b2 (including)
Liferay_portal Liferay 6.1.0-b3 (including) 6.1.0-b3 (including)
Liferay_portal Liferay 6.1.0-b4 (including) 6.1.0-b4 (including)
Liferay_portal Liferay 6.1.0-ga1 (including) 6.1.0-ga1 (including)
Liferay_portal Liferay 6.1.0-rc1 (including) 6.1.0-rc1 (including)
Liferay_portal Liferay 6.1.1-ga2 (including) 6.1.1-ga2 (including)
Liferay_portal Liferay 6.1.2-ga3 (including) 6.1.2-ga3 (including)
Liferay_portal Liferay 6.2.0-b1 (including) 6.2.0-b1 (including)
Liferay_portal Liferay 6.2.0-b2 (including) 6.2.0-b2 (including)
Liferay_portal Liferay 6.2.0-ga1 (including) 6.2.0-ga1 (including)
Liferay_portal Liferay 6.2.0-m1 (including) 6.2.0-m1 (including)
Liferay_portal Liferay 6.2.0-m2 (including) 6.2.0-m2 (including)
Liferay_portal Liferay 6.2.0-m3 (including) 6.2.0-m3 (including)
Liferay_portal Liferay 6.2.0-m4 (including) 6.2.0-m4 (including)
Liferay_portal Liferay 6.2.0-m5 (including) 6.2.0-m5 (including)
Liferay_portal Liferay 6.2.0-m6 (including) 6.2.0-m6 (including)
Liferay_portal Liferay 6.2.0-rc1 (including) 6.2.0-rc1 (including)
Liferay_portal Liferay 6.2.0-rc2 (including) 6.2.0-rc2 (including)
Liferay_portal Liferay 6.2.0-rc3 (including) 6.2.0-rc3 (including)
Liferay_portal Liferay 6.2.0-rc4 (including) 6.2.0-rc4 (including)
Liferay_portal Liferay 6.2.0-rc5 (including) 6.2.0-rc5 (including)
Liferay_portal Liferay 6.2.0-rc6 (including) 6.2.0-rc6 (including)
Liferay_portal Liferay 6.2.1-ga2 (including) 6.2.1-ga2 (including)
Liferay_portal Liferay 6.2.2-ga3 (including) 6.2.2-ga3 (including)
Liferay_portal Liferay 6.2.3-ga4 (including) 6.2.3-ga4 (including)
Liferay_portal Liferay 6.2.4-ga5 (including) 6.2.4-ga5 (including)
Liferay_portal Liferay 6.2.5-ga6 (including) 6.2.5-ga6 (including)
Liferay_portal Liferay 7.0.0-a1 (including) 7.0.0-a1 (including)
Liferay_portal Liferay 7.0.0-a2 (including) 7.0.0-a2 (including)
Liferay_portal Liferay 7.0.0-a3 (including) 7.0.0-a3 (including)
Liferay_portal Liferay 7.0.0-a4 (including) 7.0.0-a4 (including)
Liferay_portal Liferay 7.0.0-a5 (including) 7.0.0-a5 (including)
Liferay_portal Liferay 7.0.0-b1 (including) 7.0.0-b1 (including)
Liferay_portal Liferay 7.0.0-b2 (including) 7.0.0-b2 (including)
Liferay_portal Liferay 7.0.0-b3 (including) 7.0.0-b3 (including)
Liferay_portal Liferay 7.0.0-b4 (including) 7.0.0-b4 (including)
Liferay_portal Liferay 7.0.0-b5 (including) 7.0.0-b5 (including)
Liferay_portal Liferay 7.0.0-b6 (including) 7.0.0-b6 (including)
Liferay_portal Liferay 7.0.0-b7 (including) 7.0.0-b7 (including)
Liferay_portal Liferay 7.0.0-ga1 (including) 7.0.0-ga1 (including)
Liferay_portal Liferay 7.0.0-m1 (including) 7.0.0-m1 (including)
Liferay_portal Liferay 7.0.0-m2 (including) 7.0.0-m2 (including)
Liferay_portal Liferay 7.0.0-m3 (including) 7.0.0-m3 (including)
Liferay_portal Liferay 7.0.0-m4 (including) 7.0.0-m4 (including)
Liferay_portal Liferay 7.0.0-m5 (including) 7.0.0-m5 (including)
Liferay_portal Liferay 7.0.0-m6 (including) 7.0.0-m6 (including)
Liferay_portal Liferay 7.0.0-m7 (including) 7.0.0-m7 (including)
Liferay_portal Liferay 7.0.1-ga2 (including) 7.0.1-ga2 (including)
Liferay_portal Liferay 7.0.2-ga3 (including) 7.0.2-ga3 (including)
Liferay_portal Liferay 7.0.3-ga4 (including) 7.0.3-ga4 (including)
Liferay_portal Liferay 7.0.4-ga5 (including) 7.0.4-ga5 (including)
Liferay_portal Liferay 7.0.5-ga6 (including) 7.0.5-ga6 (including)
Liferay_portal Liferay 7.0.6-ga7 (including) 7.0.6-ga7 (including)
Liferay_portal Liferay 7.1.0-a1 (including) 7.1.0-a1 (including)
Liferay_portal Liferay 7.1.0-a2 (including) 7.1.0-a2 (including)
Liferay_portal Liferay 7.1.0-b1 (including) 7.1.0-b1 (including)
Liferay_portal Liferay 7.1.0-b2 (including) 7.1.0-b2 (including)
Liferay_portal Liferay 7.1.0-b3 (including) 7.1.0-b3 (including)
Liferay_portal Liferay 7.1.0-ga1 (including) 7.1.0-ga1 (including)
Liferay_portal Liferay 7.1.0-m1 (including) 7.1.0-m1 (including)
Liferay_portal Liferay 7.1.0-m2 (including) 7.1.0-m2 (including)
Liferay_portal Liferay 7.1.0-rc1 (including) 7.1.0-rc1 (including)
Liferay_portal Liferay 7.1.1-ga2 (including) 7.1.1-ga2 (including)
Liferay_portal Liferay 7.1.2-ga3 (including) 7.1.2-ga3 (including)
Liferay_portal Liferay 7.1.3-ga4 (including) 7.1.3-ga4 (including)
Liferay_portal Liferay 7.2.0-alpha1 (including) 7.2.0-alpha1 (including)
Liferay_portal Liferay 7.2.0-beta1 (including) 7.2.0-beta1 (including)
Liferay_portal Liferay 7.2.0-beta2 (including) 7.2.0-beta2 (including)
Liferay_portal Liferay 7.2.0-beta3 (including) 7.2.0-beta3 (including)
Liferay_portal Liferay 7.2.0-m2 (including) 7.2.0-m2 (including)
Liferay_portal Liferay 7.2.0-rc1 (including) 7.2.0-rc1 (including)
Liferay_portal Liferay 7.2.0-rc2 (including) 7.2.0-rc2 (including)
Liferay_portal Liferay 7.2.0-rc3 (including) 7.2.0-rc3 (including)

Potential Mitigations

  • Make fields transient to protect them from deserialization.
  • Serializing and then deserializing a class that contains transient fields yields null values where the transient data would otherwise be. This is an effective way to prevent time-dependent, environment-dependent, or sensitive values from being carried over into the deserialized object and used improperly.

References