fkie_cve-2019-11444
Vulnerability from fkie_nvd
Published
2019-04-22 11:29
Modified
2024-11-21 04:21
Severity ?
7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw
References
cve@mitre.orghttps://dev.liferay.com/discover/portal/-/knowledge_base/7-1/running-scripts-from-the-script-console
cve@mitre.orghttps://pentest.com.tr/exploits/Liferay-CE-Portal-Tomcat-7-1-2-ga3-Groovy-Console-Remote-Command-Execution-Metasploit.htmlExploit, Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/46525Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://dev.liferay.com/discover/portal/-/knowledge_base/7-1/running-scripts-from-the-script-console
af854a3a-2127-422b-91ae-364da2661108https://pentest.com.tr/exploits/Liferay-CE-Portal-Tomcat-7-1-2-ga3-Groovy-Console-Remote-Command-Execution-Metasploit.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/46525Exploit, Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
liferay liferay_portal 7.1.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferay:liferay_portal:7.1.2:ga3:*:*:*:*:*:*",
              "matchCriteriaId": "0B3B7D03-C4E0-4FAE-8BD9-04F12B1E7B50",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay\u0027s Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by \"def cmd =\" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid credentials for an application administrator user account are required. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run groovy scripts and therefore not a design flaw"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** Fue encontrado un problema en Liferay Portal CE 7.1.2 GA3. Un atacante puede usar la consola de script Groovy de Liferay para ejecutar comandos del sistema operativo. Los comandos se pueden ejecutar mediante una llamada a [command].execute(), como lo demuestra \"def cmd =\" ??en el valor ServerAdminPortlet_script hacia group/control_panel/manage. Se requieren credenciales v\u00e1lidas para una cuenta de usuario administrador de la aplicaci\u00f3n. NOTA: El desarrollador cuestiona esto como una vulnerabilidad, ya que es una caracter\u00edstica para que los administradores ejecuten scripts en groovy , y en consecuencia, no es una fallo de dise\u00f1o."
    }
  ],
  "id": "CVE-2019-11444",
  "lastModified": "2024-11-21T04:21:05.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-22T11:29:05.830",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://dev.liferay.com/discover/portal/-/knowledge_base/7-1/running-scripts-from-the-script-console"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/Liferay-CE-Portal-Tomcat-7-1-2-ga3-Groovy-Console-Remote-Command-Execution-Metasploit.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://dev.liferay.com/discover/portal/-/knowledge_base/7-1/running-scripts-from-the-script-console"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://pentest.com.tr/exploits/Liferay-CE-Portal-Tomcat-7-1-2-ga3-Groovy-Console-Remote-Command-Execution-Metasploit.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/46525"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.