Lucene search

[email protected]NVD:CVE-2017-7536

HistoryJan 10, 2018 - 3:29 p.m.

CVE-2017-7536

2018-01-1015:29:00

CWE-592

CWE-470

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.3%

JSON

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager’s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Affected configurations

NVD

Node

redhathibernate_validatorRange5.2.0–5.2.5

redhathibernate_validatorRange5.3.0–5.3.6

redhathibernate_validatorRange5.4.0–5.4.2

Node

redhatsatelliteMatch6.4

redhatsatellite_capsuleMatch6.4

Node

redhatjboss_enterprise_application_platformMatch6.0.0

redhatjboss_enterprise_application_platformMatch6.4.0

AND

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatjboss_enterprise_application_platformMatch7.0

redhatjboss_enterprise_application_platformMatch7.1

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

redhatvirtualizationMatch4.0

redhatvirtualization_hostMatch4.0

AND

redhatenterprise_linuxMatch7.0

References

www.securityfocus.com/bid/101048

www.securitytracker.com/id/1039744

access.redhat.com/errata/RHSA-2017:2808

access.redhat.com/errata/RHSA-2017:2809

access.redhat.com/errata/RHSA-2017:2810

access.redhat.com/errata/RHSA-2017:2811

access.redhat.com/errata/RHSA-2017:3141

access.redhat.com/errata/RHSA-2017:3454

access.redhat.com/errata/RHSA-2017:3455

access.redhat.com/errata/RHSA-2017:3456

access.redhat.com/errata/RHSA-2017:3458

access.redhat.com/errata/RHSA-2018:2740

access.redhat.com/errata/RHSA-2018:2741

access.redhat.com/errata/RHSA-2018:2742

access.redhat.com/errata/RHSA-2018:2743

access.redhat.com/errata/RHSA-2018:2927

access.redhat.com/errata/RHSA-2018:3817

bugzilla.redhat.com/show_bug.cgi?id=1465573

lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.3%

JSON

Related for NVD:CVE-2017-7536

redhatcve1 nessus12 veracode1 cve1 ubuntucve1 osv2 github1 debiancve1 cvelist1 prion1 redhat15 pentestit1 oracle1