Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-7536

Опубликовано: 10 янв. 2018
Источник: nvd
CVSS3: 7
CVSS2: 4.4
EPSS Низкий

Описание

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
Версия от 5.2.0 (включая) до 5.2.5 (исключая)
cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
Версия от 5.3.0 (включая) до 5.3.6 (исключая)
cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*
Версия от 5.4.0 (включая) до 5.4.2 (исключая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00104
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-592
CWE-470

Связанные уязвимости

CVSS3: 7
ubuntu
больше 7 лет назад

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 6.3
redhat
почти 8 лет назад

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 7
debian
больше 7 лет назад

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...

CVSS3: 7
github
около 5 лет назад

Privilege Escalation in Hibernate Validator

EPSS

Процентиль: 29%
0.00104
Низкий

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-592
CWE-470