Lucene search

CVE-2020-25638

🗓️ 02 Dec 2020 15:12:15Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 289 Views

A flaw in hibernate-core allows SQL injection via JPA Criteria API in versions prior to 5.4.23.Final. Allows unauthorized access

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 63
Prion	Sql injection	2 Dec 202015:15	–	prion
Debian	[SECURITY] [DSA 4908-1] libhibernate3-java security update	29 Apr 202119:40	–	debian
Debian	[SECURITY] [DLA 2512-1] libhibernate3-java security update	3 Jan 202122:30	–	debian
Debian	[SECURITY] [DSA 4908-1] libhibernate3-java security update	29 Apr 202119:40	–	debian
RedhatCVE	CVE-2020-25638	13 Nov 202004:24	–	redhatcve
Vulnrichment	CVE-2020-25638	2 Dec 202014:36	–	vulnrichment
RedHat Linux	(RHSA-2020:5254) Important: Red Hat Single Sign-On 7.4.3 one-off security update	30 Nov 202017:25	–	redhat
RedHat Linux	(RHSA-2020:5175) Important: Red Hat JBoss Enterprise Application Platform 7.3 security update	23 Nov 202013:23	–	redhat
RedHat Linux	(RHSA-2020:5302) Important: Red Hat build of Quarkus 1.7.5 SP1 release and security update	1 Dec 202011:41	–	redhat
RedHat Linux	(RHSA-2020:5174) Important: Red Hat JBoss Enterprise Application Platform 7.3.3 security update	23 Nov 202013:23	–	redhat

Nvd

Vulners

Node

hibernate hibernate_ormRange<5.3.20

hibernate hibernate_ormRange5.4.0–5.4.24

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

quarkus quarkusRange≤1.9.2

Node

oracle communications_cloud_native_core_consoleMatch1.9.0

oracle retail_customer_management_and_segmentation_foundationMatch19.0

[
  {
    "product": "hibernate-core",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Hibernate ORM versions before 5.4.24.Final"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com//security-alerts/cpujul2021.html
lists	www.lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujul2022.html
lists	www.lists.debian.org/debian-lts-announce/2021/01/msg00000.html
lists	www.lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E
oracle	www.oracle.com/security-alerts/cpuapr2022.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
debian	www.debian.org/security/2021/dsa-4908

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

02 Dec 2020 15:15Current

7.6High risk

Vulners AI Score7.6

CVSS25.8

CVSS37.4

EPSS0.00593

SSVC

CWE-89