Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.4
CVSSv2

CVE-2017-7536

Published: 10/01/2018 Updated: 07/11/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 393
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Hibernate Validator

Vulnerability Summary

In Hibernate Validator 5.2.x prior to 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

redhat hibernate validator

redhat satellite 6.4

redhat satellite capsule 6.4

redhat jboss_enterprise_application_platform 6.0.0

redhat jboss_enterprise_application_platform 6.4.0

redhat jboss_enterprise_application_platform 7.0

redhat jboss_enterprise_application_platform 7.1

redhat virtualization 4.0

redhat virtualization_host 4.0

Vendor Advisories

Debian CVElist Bug Report Logs: libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager
Debian Bug report logs - #885577 libhibernate-validator-java: CVE-2017-7536: Privilege escalation when running under the security manager Package: src:libhibernate-validator-java; Maintainer for src:libhibernate-validator-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bo ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise LinuxRed Hat Product Security has rated this update as having a s ...
Red Hat: Important: eap7-jboss-ec2-eap security update
Synopsis Important: eap7-jboss-ec2-eap security update Type/Severity Security Advisory: Important Topic An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 70 for Red Hat Ent ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 5Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Common Vu ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a securi ...
Red Hat: Important: Satellite 6.4 security, bug fix, and enhancement update
Synopsis Important: Satellite 64 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 710 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 710 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...
Red Hat: Important: eap7-jboss-ec2-eap security update
Synopsis Important: eap7-jboss-ec2-eap security update Type/Severity Security Advisory: Important Topic An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 71 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 71 for Red Hat Ent ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat JBoss Fuse/A-MQ 6.3 R10 security and bug fix update
Synopsis Important: Red Hat JBoss Fuse/A-MQ 63 R10 security and bug fix update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Fuse 63 and Red Hat JBoss A-MQ 63Red Hat Product Security has rated this update as having a security impact of Important A Common ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 6.4.21 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 6421 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 64 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...
Red Hat: Important: Red Hat JBoss Enterprise Application Platform 7.1.0 security update
Synopsis Important: Red Hat JBoss Enterprise Application Platform 710 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Com ...
Red Hat: Important: rhvm-appliance security, bug fix, and enhancement update
Synopsis Important: rhvm-appliance security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for rhvm-appliance is now available for RHEV 4X RHEV-H and Agents for RHEL-7Red Hat Product Security has rated this update as having a security impact of Important A Com ...

Github Repositories

https://github.com/surajbabar/dependency-demo-app

Demo project to show different ways of fixing vulnerabilities found in Maven based java project.

dependency-demo-app Demo project to show different ways of fixing vulnerabilities found in Maven based java project Run Dependency check with following Command mvn orgowasp:dependency-check-maven:check The result will be generated at target/dependency-check-reporthtml Different kinds of vulnerabilities and ways to fix them Vulnerability Category Vulnerable dependenc

https://github.com/singhkranjan/vulnapp

vulnerable application

dependency-demo-app Demo project to show different ways of fixing vulnerabilities found in Maven based java project Run Dependency check with following Command mvn orgowasp:dependency-check-maven:check The result will be generated at target/dependency-check-reporthtml Different kinds of vulnerabilities and ways to fix them Vulnerability Category Vulnerable dependenc

References

CWE-470https://bugzilla.redhat.com/show_bug.cgi?id=1465573https://access.redhat.com/errata/RHSA-2017:3458https://access.redhat.com/errata/RHSA-2017:3456https://access.redhat.com/errata/RHSA-2017:3455https://access.redhat.com/errata/RHSA-2017:3454https://access.redhat.com/errata/RHSA-2017:3141https://access.redhat.com/errata/RHSA-2017:2811https://access.redhat.com/errata/RHSA-2017:2810https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2808http://www.securitytracker.com/id/1039744http://www.securityfocus.com/bid/101048https://access.redhat.com/errata/RHSA-2018:2743https://access.redhat.com/errata/RHSA-2018:2742https://access.redhat.com/errata/RHSA-2018:2741https://access.redhat.com/errata/RHSA-2018:2740https://access.redhat.com/errata/RHSA-2018:2927https://access.redhat.com/errata/RHSA-2018:3817https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885577https://nvd.nist.govhttps://github.com/surajbabar/dependency-demo-app
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook