1. Home
  2. CVE Database
  3. CVE-2020-28885
HIGH · 7.2

CVE-2020-28885

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Lifer...

Vulnerability Description

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design fla

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
LiferayLiferay Portal7.2

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2020-28885?

CVE-2020-28885 is a vulnerability with a CVSS score of 7.2 (HIGH). Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Lifer...

How severe is CVE-2020-28885?

CVE-2020-28885 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28885?

Check the references section above for vendor advisories and patch information. Affected products include: Liferay Liferay Portal.