CVE-2017-7536

Published: 26 Sept. 2017
Source: redhat
CVSS3: 6.3
EPSS: Low

Description

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat BPM Suite 6 | hibernate-validator | Not affected | | |
| Red Hat Enterprise Virtualization 3 | hibernate-validator | Will not fix | | |
| Red Hat Fuse 7 | camel | Not affected | | |
| Red Hat JBoss BRMS 6 | hibernate-validator | Not affected | | |
| Red Hat JBoss Data Grid 6 | hibernate-validator | Will not fix | | |
| Red Hat JBoss Data Grid 7 | hibernate-validator | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | hibernate-validator | Not affected | | |
| Red Hat JBoss Enterprise Application Platform 5 | hibernate-validator | Out of support scope | | |
| Red Hat JBoss Fuse 6 | camel | Will not fix | | |
| Red Hat JBoss Fuse Integration Service 2 | hibernate-validator | Affected | | |

Additional information

Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1465573 hibernate-validator: Privilege escalation when running under the security manager

EPSS

Percentile: 29%
0.00104
Low

CVSS3: 6.3 Medium

Related vulnerabilities

CVSS3: 7
ubuntu
more than 7 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 7
nvd
more than 7 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 7
debian
more than 7 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...

CVSS3: 7
github
about 5 years ago

Privilege Escalation in Hibernate Validator
