CVE-2017-7536

Published: Jan 10, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that a potential privilege escalation can occur when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator. Because the calling code is then allowed to access those private members without holding the permission itself, an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Vendor / Product / Versions

Vendor: Red Hat, Inc.
Product: hibernate-validator
Versions:
affected: 5.2.x before 5.2.5 final
affected: 5.3.x
affected: 5.4.x

Weaknesses (CWE)

References

RHSA-2017:2809 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:3817 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:2740 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:2810 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:2741 (vendor-advisory, x_refsource_REDHAT)
1039744 (vdb-entry, x_refsource_SECTRACK)
RHSA-2018:2742 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:3458 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:2808 (vendor-advisory, x_refsource_REDHAT)
101048 (vdb-entry, x_refsource_BID)
RHSA-2017:3455 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:2927 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:3456 (vendor-advisory, x_refsource_REDHAT)
RHSA-2018:2743 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:3454 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:3141 (vendor-advisory, x_refsource_REDHAT)
RHSA-2017:2811 (vendor-advisory, x_refsource_REDHAT)