Lucene search

Veracode Vulnerability DatabaseVERACODE:26340

HistoryAug 18, 2020 - 2:03 a.m.

SQL Injection

2020-08-1802:03:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

hibernate-core is vulnerable to SQL injection. The vulnerability exists in Hibernate ORM.

CPENameOperatorVersion
eap7-wildfly-commoneq1.4.0__1.Final_redhat_1.1.el8eap
eap7-wildfly-commoneq1.2.0__10.Final_redhat_1.1.ep7.el7
eap7-wildfly-commoneq1.5.1__1.Final_redhat_00001.1.el8eap
eap7-wildfly-commoneq1.4.0__1.Final_redhat_1.1.el6eap
eap7-wildfly-commoneq1.1.0__1.Final_redhat_1.1.ep7.el6
eap7-wildfly-commoneq1.2.1__1.Final_redhat_00001.1.ep7.el6
eap7-wildfly-commoneq1.2.1__1.Final_redhat_00001.1.ep7.el7
eap7-wildfly-commoneq1.5.1__1.Final_redhat_00001.1.el7eap
eap7-wildfly-commoneq1.5.1__1.Final_redhat_00001.1.el6eap
eap7-wildfly-commoneq1.4.0__1.Final_redhat_1.1.el7eap

Name	Operator	Version
eap7-wildfly-common	eq	1.4.0__1.Final_redhat_1.1.el8eap
eap7-wildfly-common	eq	1.2.0__10.Final_redhat_1.1.ep7.el7
eap7-wildfly-common	eq	1.5.1__1.Final_redhat_00001.1.el8eap
eap7-wildfly-common	eq	1.4.0__1.Final_redhat_1.1.el6eap
eap7-wildfly-common	eq	1.1.0__1.Final_redhat_1.1.ep7.el6
eap7-wildfly-common	eq	1.2.1__1.Final_redhat_00001.1.ep7.el6
eap7-wildfly-common	eq	1.2.1__1.Final_redhat_00001.1.ep7.el7
eap7-wildfly-common	eq	1.5.1__1.Final_redhat_00001.1.el7eap
eap7-wildfly-common	eq	1.5.1__1.Final_redhat_00001.1.el6eap
eap7-wildfly-common	eq	1.4.0__1.Final_redhat_1.1.el7eap

Rows per page:

1-10 of 16361

References

5.3.x

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/

access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/

access.redhat.com/errata/RHSA-2020:3461

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1666499

github.com/hibernate/hibernate-orm/commit/e0e22ea256c1906235d6a8e90b79c4ce33d0861f

github.com/hibernate/hibernate-orm/pull/3438

issues.redhat.com/browse/JBEAP-18793

issues.redhat.com/browse/JBEAP-19095

issues.redhat.com/browse/JBEAP-19134

issues.redhat.com/browse/JBEAP-19185

issues.redhat.com/browse/JBEAP-19203

issues.redhat.com/browse/JBEAP-19205

issues.redhat.com/browse/JBEAP-19269

issues.redhat.com/browse/JBEAP-19322

issues.redhat.com/browse/JBEAP-19325

issues.redhat.com/browse/JBEAP-19397

issues.redhat.com/browse/JBEAP-19409

issues.redhat.com/browse/JBEAP-19529

issues.redhat.com/browse/JBEAP-19564

issues.redhat.com/browse/JBEAP-19585

issues.redhat.com/browse/JBEAP-19617

issues.redhat.com/browse/JBEAP-19619

issues.redhat.com/browse/JBEAP-19673

issues.redhat.com/browse/JBEAP-19674

issues.redhat.com/browse/JBEAP-19874

lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E

security.netapp.com/advisory/ntap-20220210-0020/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

Related for VERACODE:26340