CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
75.3%
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | hibernate_validator | * | cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:* |
redhat | hibernate_validator | 4.1.0 | cpe:2.3:a:redhat:hibernate_validator:4.1.0:*:*:*:*:*:*:* |
redhat | hibernate_validator | 4.2.0 | cpe:2.3:a:redhat:hibernate_validator:4.2.0:*:*:*:*:*:*:* |
redhat | hibernate_validator | 4.2.0 | cpe:2.3:a:redhat:hibernate_validator:4.2.0:beta1:*:*:*:*:*:* |
redhat | hibernate_validator | 4.2.0 | cpe:2.3:a:redhat:hibernate_validator:4.2.0:beta2:*:*:*:*:*:* |
redhat | hibernate_validator | 4.2.0 | cpe:2.3:a:redhat:hibernate_validator:4.2.0:cr1:*:*:*:*:*:* |
rhn.redhat.com/errata/RHSA-2014-1285.html
rhn.redhat.com/errata/RHSA-2014-1286.html
rhn.redhat.com/errata/RHSA-2014-1287.html
rhn.redhat.com/errata/RHSA-2014-1288.html
rhn.redhat.com/errata/RHSA-2015-0125.html
rhn.redhat.com/errata/RHSA-2015-0720.html
github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
hibernate.atlassian.net/browse/HV-912