ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator is vulnerable to remote code execution. The class does not enforce Java Security Manager (JSM) restrictions, which allows an attacker to trigger restricted reflection calls via a malicious application.
rhn.redhat.com/errata/RHSA-2014-1285.html
rhn.redhat.com/errata/RHSA-2014-1286.html
rhn.redhat.com/errata/RHSA-2014-1287.html
rhn.redhat.com/errata/RHSA-2014-1288.html
rhn.redhat.com/errata/RHSA-2015-0125.html
rhn.redhat.com/errata/RHSA-2015-0720.html
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1128666
bugzilla.redhat.com/show_bug.cgi?id=1128712
bugzilla.redhat.com/show_bug.cgi?id=1129663
bugzilla.redhat.com/show_bug.cgi?id=1129680
bugzilla.redhat.com/show_bug.cgi?id=1131100
bugzilla.redhat.com/show_bug.cgi?id=1131835
bugzilla.redhat.com/show_bug.cgi?id=1131981
bugzilla.redhat.com/show_bug.cgi?id=1131986
bugzilla.redhat.com/show_bug.cgi?id=1132009
bugzilla.redhat.com/show_bug.cgi?id=1132032
bugzilla.redhat.com/show_bug.cgi?id=1132039
bugzilla.redhat.com/show_bug.cgi?id=1132811
bugzilla.redhat.com/show_bug.cgi?id=1134667
bugzilla.redhat.com/show_bug.cgi?id=1136932
bugzilla.redhat.com/show_bug.cgi?id=1136935
github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
hibernate.atlassian.net/browse/HV-912