HIGH🇬🇧 English

CVE-2017-7536

CVSS 7.0v3.1pub. 2018-01-10upd. 2024-11-21

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Red Hat Enterprise Linux

    OS
    Redhat
    5.06.07.0
  • Red Hat Hibernate Validator

    APP
    Redhat
    5.2.0 – 5.2.5 (bez)5.3.0 – 5.3.6 (bez)5.4.0 – 5.4.2 (bez)
  • Red Hat Jboss Enterprise Application Platform

    APP
    Redhat
    6.0.06.4.07.07.1
  • Red Hat Satellite

    APP
    Redhat
    6.4
  • Red Hat Satellite Capsule

    APP
    Redhat
    6.4
  • Red Hat Virtualization

    APP
    Redhat
    4.0
  • Red Hat Virtualization Host

    APP
    Redhat
    4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2017-12149CRITICAL9.8⚠ KEVten sam produkt

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...