CVE-2017-7536

Published: 10 Jan 2018
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.4
CVSS3: 7

Description

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 4.3.3-4 |
| cosmic | not-affected | 4.3.3-4 |
| devel | not-affected | 4.3.3-4 |
| esm-apps/bionic | not-affected | 4.3.3-4 |
| esm-apps/xenial | not-affected | vulnerable code introduced in 4.3 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [vulnerable code introduced in 4.3]] |
| precise/esm | DNE | |
| trusty | not-affected | vulnerable code introduced in 4.3 |
| trusty/esm | DNE | trusty was not-affected [vulnerable code introduced in 4.3] |

EPSS: 0.00104 (Low)
Percentile: 29%
CVSS2: 4.4 Medium
CVSS3: 7 High

Related vulnerabilities

CVSS3: 6.3
redhat
almost 8 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 7
nvd
more than 7 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS3: 7
debian
more than 7 years ago

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...

CVSS3: 7
github
about 5 years ago

Privilege Escalation in Hibernate Validator
