CVE-2020-10693

🗓️ 06 May 2020 13:03:33Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 9 Media mentions👁 254 Views

Flaw in Hibernate Validator 6.1.2.Final allows for bypassing input sanitation control

Reporter	Title	Published	Views	Family All 95
IBM Security Bulletins	Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Z Development and Test Environment - Jan 2021	29 Jan 202114:27	–	ibm
IBM Security Bulletins	Security Bulletin: Due to use of Hibernate Validator version 6.1.2.Final IBM Tivoli Network Manager is vulnerable which allows attackers to bypass input sanitation (escaping, stripping) controls(CVE-2020-10693, CVE-2019-10219).	4 Jul 202212:53	–	ibm
IBM Security Bulletins	Security Bulletin: Hibernate Hibernate Validator could allow a remote attacker to bypass security restriction which affects watsonx.data	10 Mar 202518:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty bundled with IBM WebSphere Application Server Patterns (CVE-2020-10693)	15 Oct 202016:29	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Appilcation Server and WebSphere Application Server Liberty affects IBM Engineering ELM products based on IBM Jazz technology.	12 Nov 202015:45	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Hibernate Validator may affect IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2020-10693)	14 Sep 202215:28	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-10693)	23 Mar 202122:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10693)	20 Jan 202109:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693)	14 Oct 202022:42	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Fasterxml Jackson,FasterXML Jackson Core,Bouncy Castle Java, Netty,Hibernate Validator,JCraft JSch,Apache Tomcat,Bootstrap might affect IBM Storage Defender Copy Data Management	12 Dec 202515:28	–	ibm

NVD

Vulners

Node

redhat hibernate_validatorRange5.0.0–6.0.20

redhat hibernate_validatorRange6.1.2–6.1.5

redhat hibernate_validatorMatch7.0.0alpha1

Node

ibm websphere_application_serverRange17.0.0.3–20.0.0.10liberty

Node

redhat jboss_enterprise_application_platformMatch7.2.0

redhat jboss_enterprise_application_platformMatch7.3.0

AND

redhat enterprise_linuxMatch6.0

redhat enterprise_linuxMatch7.0

redhat enterprise_linuxMatch8.0

Node

redhat satelliteMatch6.8

redhat satellite_capsuleMatch6.8

Node

quarkus quarkusRange≤1.4.2

Node

oracle weblogic_serverMatch14.1.1.0.0

[
  {
    "product": "hibernate-validator",
    "vendor": "Hibernate",
    "versions": [
      {
        "status": "affected",
        "version": "6.1.2.Final"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuapr2022.html
lists	www.lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
lists	www.lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

21 Nov 2024 04:55Current

5.3Medium risk

Vulners AI Score5.3

CVSS 25

CVSS 3.15.3

EPSS0.00094

CWE-20