Description
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper together with the permissions required to run Hibernate Validator under the Java Security Manager could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
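The mechanism behind this class of bug is a trusted library helper that wraps reflection in `AccessController.doPrivileged`. The privileged block stops the Security Manager's stack walk, so only the library's own protection domain is consulted; any code that can reach the public helper inherits the library's `ReflectPermission("suppressAccessChecks")`. The following is an added illustration written for this page, not Hibernate Validator's actual code or its actual fix: the class name, method names and the `Secret` type are invented, and the hardened variant shows one possible remedy (demanding the permission from the caller before entering the privileged block).

```java
import java.lang.reflect.Field;
import java.lang.reflect.ReflectPermission;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

// Added example, not project code. Assumes the helper is deployed as its own
// code base that the policy grants ReflectPermission("suppressAccessChecks"),
// while the untrusted caller's code base is granted nothing.
public final class ReflectionHelperDemo {

    private ReflectionHelperDemo() {}

    // VULNERABLE PATTERN: a public helper lets any caller pick the target and
    // field. doPrivileged truncates the permission check at this frame, so the
    // caller's (missing) permissions are never examined and the helper's own
    // suppressAccessChecks grant is used on the caller's behalf.
    public static Object readFieldPrivileged(final Object target, final String fieldName)
            throws Exception {
        try {
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    Field f = target.getClass().getDeclaredField(fieldName);
                    f.setAccessible(true); // requires suppressAccessChecks under a JSM
                    return f.get(target);
                }
            });
        } catch (PrivilegedActionException e) {
            throw e.getException();
        }
    }

    // HARDENED PATTERN (one remedy): check the permission *before* entering the
    // privileged block. At this point the stack walk still includes the caller's
    // frame, so an application that lacks suppressAccessChecks gets a
    // SecurityException instead of riding on the helper's grant.
    public static Object readFieldChecked(final Object target, final String fieldName)
            throws Exception {
        SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            sm.checkPermission(new ReflectPermission("suppressAccessChecks"));
        }
        return readFieldPrivileged(target, fieldName);
    }

    // Invented class standing in for data an untrusted application must not read.
    static final class Secret {
        private final String token = "constructed-sample-token";
    }

    public static void main(String[] args) throws Exception {
        Secret s = new Secret();
        // With no Security Manager both calls succeed, which is the point: the
        // difference only appears once a JSM policy separates the two code bases.
        System.out.println("privileged helper: " + readFieldPrivileged(s, "token"));
        try {
            System.out.println("checked helper:    " + readFieldChecked(s, "token"));
        } catch (SecurityException e) {
            System.out.println("checked helper denied: " + e.getMessage());
        }
    }
}
```

To reproduce the escalation, package the helper and the calling application as two separate jars and run with `-Djava.security.manager` and a policy that grants `permission java.lang.reflect.ReflectPermission "suppressAccessChecks";` only to the helper's code base; the caller's jar then reads the private field through `readFieldPrivileged` but is refused by `readFieldChecked`. Note that `SecurityManager` is deprecated for removal since JDK 17 and permanently disabled in JDK 24, so this demonstration applies to the JDK 8 to 17 era the advisory concerns.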
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Virtualization 3 | rhevm-dependencies | Fix deferred | | |
| Red Hat JBoss BRMS 5 | hibernate-validator | Will not fix | | |
| Red Hat JBoss Data Grid 6 | hibernate-validator | Fix deferred | | |
| Red Hat JBoss Data Virtualization 6 | hibernate-validator | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform 5 | hibernate3 | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | hibernate-validator | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | ewp | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-esb-7 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | hibernate3 | Not affected | | |
Additional information
CVSS2: 3.3 (Low)