In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
07 Nov 2023, 02:50
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
10 Mar 2022, 13:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat satellite
Redhat satellite Capsule Redhat jboss Enterprise Application Platform Redhat virtualization Redhat enterprise Linux Redhat virtualization Host |
|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:3817 - Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E - Issue Tracking, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2927 - Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2743 - Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2740 - Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2742 - Vendor Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2018:2741 - Vendor Advisory | |
CPE | cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:* |
Information
Published : 2018-01-10 15:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-7536
Mitre link : CVE-2017-7536
CVE.ORG link : CVE-2017-7536
JSON object : View
Products Affected
redhat
- enterprise_linux
- virtualization
- jboss_enterprise_application_platform
- virtualization_host
- satellite
- satellite_capsule
- hibernate_validator