CVE-2019-10219

Published: 08/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

Vulnerable Product

redhat hibernate validator

redhat hibernate validator 6.1.0

redhat single sign-on -

redhat jboss enterprise application platform -

redhat jboss data grid -

redhat openshift application runtimes -

redhat fuse 1.0

redhat jboss_enterprise_application_platform 7.2

redhat jboss_enterprise_application_platform 7.3

netapp active iq unified manager -

netapp element -

netapp snapcenter plug-in -

netapp management services for element software and netapp hci -

oracle flexcube investor servicing 12.3.0

oracle flexcube investor servicing 12.1.0

oracle solaris 11

oracle flexcube private banking 12.1.0

oracle insurance policy administration j2ee 10.2.0

oracle flexcube private banking 12.0.0

oracle flexcube investor servicing 12.0.4

oracle weblogic server 12.1.3.0.0

oracle retail integration bus 13.0

oracle database server 12.1.0.2

oracle insurance rules palette 10.2.0

oracle hospitality suite8 8.10.2

oracle solaris 10

oracle database server 12.1.0.1

oracle retail back office 14.1

oracle access manager 11.1.2.3.0

oracle weblogic server 12.2.1.3.0

oracle business intelligence 12.2.1.3.0

oracle http server 12.2.1.3.0

oracle webcenter portal 12.2.1.3.0

oracle utilities framework 4.2.0.3.0

oracle utilities framework 4.2.0.2.0

oracle access manager 12.2.1.3.0

oracle flexcube investor servicing 12.4.0

oracle business process management suite 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.57

oracle managed file transfer 12.2.1.3.0

oracle hospitality reporting and analytics 9.1.0

oracle application testing suite 13.3.0.1

oracle retail order broker 16.0

oracle retail returns management 14.1

oracle retail point-of-sale 14.1

oracle retail central office 14.1

oracle banking platform 2.6.2

oracle primavera unifier 18.8

oracle database server 19c

oracle bi publisher 12.2.1.4.0

oracle bi publisher 11.1.1.9.0

oracle bi publisher 12.2.1.3.0

oracle retail predictive application server 15.0.3

oracle policy automation 10.4.7

oracle enterprise data quality 12.2.1.3.0

oracle data integrator 12.2.1.3.0

oracle communications operations monitor 3.4

oracle business intelligence 12.2.1.4.0

oracle primavera unifier

oracle utilities framework 4.4.0.0.0

oracle instantis enterprisetrack 17.1

oracle instantis enterprisetrack 17.2

oracle instantis enterprisetrack 17.3

oracle agile plm 9.3.3

oracle agile plm 9.3.6

oracle communications unified inventory management 7.3.4

oracle communications unified inventory management 7.3.5

oracle communications unified inventory management 7.4.0

oracle fusion middleware 12.2.1.3.0

oracle banking digital experience 18.3

oracle banking digital experience 19.1

oracle banking digital experience 18.1

oracle weblogic server 12.2.1.4.0

oracle fusion middleware 12.2.1.4.0

oracle business intelligence 5.5.0.0.0

oracle peoplesoft enterprise peopletools 8.58

oracle hyperion financial management 11.1.2.4

oracle primavera unifier 19.12

oracle webcenter portal 12.2.1.4.0

oracle fusion middleware mapviewer 12.2.1.4.0

oracle sd-wan edge 9.0

oracle weblogic server 14.1.1.0.0

oracle sd-wan aware 8.2

oracle enterprise manager base platform 13.4.0.0

oracle utilities framework

oracle utilities framework 4.4.0.2.0

oracle hospitality opera 5 property services 5.6

oracle http server 12.2.1.4.0

oracle banking digital experience 19.2

oracle banking digital experience 20.1

oracle enterprise manager ops center 12.4.0.0

oracle enterprise session border controller 8.4

oracle communications unified inventory management 7.3.0

oracle communications services gatekeeper 7.0

oracle banking platform 2.7.0

oracle banking platform 2.7.1

oracle goldengate application adapters 19.1.0.0.0

oracle agile engineering data management 6.2.1.0

oracle data integrator 12.2.1.4.0

oracle argus safety 8.2.2

oracle communications metasolv solution 6.3.1

oracle retail financial integration 16.0.3

oracle primavera unifier 20.12

oracle managed file transfer 12.2.1.4.0

oracle zfs storage appliance kit 8.8

oracle communications network integrity 7.3.5

oracle communications network integrity 7.3.6

oracle retail order broker 18.0

oracle business process management suite 12.2.1.4.0

oracle bi publisher 5.5.0.0.0

oracle insurance rules palette 10.2.4

oracle insurance rules palette 11.0.2

oracle insurance policy administration j2ee 10.2.4

oracle insurance policy administration j2ee 11.0.2

oracle communications billing and revenue management elastic charging engine 11.3

oracle communications billing and revenue management elastic charging engine 12.0

oracle hospitality cruise shipboard property management system 20.1.0

oracle communications interactive session recorder 6.3

oracle communications interactive session recorder 6.4

oracle communications messaging server 8.1

oracle business activity monitoring 12.2.1.4.0

oracle commerce guided search 11.3.2

oracle commerce platform

oracle communications operations monitor 4.2

oracle communications operations monitor 4.3

oracle communications unified inventory management 7.4.1

oracle insurance policy administration 11.3.0

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle retail service backbone 15.0.3.1

oracle retail service backbone 14.1.3.2

oracle insurance rules palette

oracle insurance policy administration 11.0.2

oracle primavera gateway

oracle utilities framework 4.4.0.3.0

oracle agile product lifecycle management integration pack 3.6

oracle retail price management 15.0

oracle retail price management 16.0

oracle communications pricing design center 12.0.0.3.0

oracle retail customer management and segmentation foundation

oracle enterprise data quality 12.2.1.4.0

oracle retail order broker 19.1

oracle communications session border controller 8.3

oracle communications session border controller 8.4

oracle enterprise manager base platform 13.5.0.0

oracle enterprise session border controller 9.0

oracle communications session border controller 9.0

oracle peoplesoft enterprise cs sa integration pack 9.2

oracle peoplesoft enterprise cs sa integration pack 9.0

oracle healthcare data repository 8.1.0

oracle documaker

oracle hyperion financial management 11.2.6.0

oracle communications application session controller 3.9.0

oracle communications converged application server - service controller 6.2

oracle real-time decision server 3.2.0.0

oracle communications calendar server 8.0.0.6.0

oracle banking enterprise default management 2.12.0

oracle banking enterprise default management 2.10.0

oracle real user experience insight 13.4.1.0

oracle real user experience insight 13.5.1.0

oracle communications cloud native core network repository function 1.14.0

oracle banking party management 2.7.0

oracle communications design studio 7.4.2

oracle business intelligence 5.9.0.0.0

oracle healthcare foundation 8.1.0

oracle communications operations monitor 4.4

oracle retail merchandising system 19.0.1

oracle retail integration bus 14.1.3.2

oracle retail predictive application server 14.1.3

oracle retail financial integration 14.1.3.2

oracle retail extract transform and load 13.2.8

oracle retail eftlink 16.0.3

oracle retail eftlink 17.0.2

oracle retail eftlink 18.0.1

oracle retail eftlink 19.0.1

oracle retail integration bus 15.0.3.1

oracle retail financial integration 15.0.3.1

oracle retail predictive application server 16.0.3

oracle retail assortment planning 16.0.3

oracle retail size profile optimization 16.0.3

oracle sd-wan edge 9.1

oracle healthcare data repository 7.0.2

oracle access manager 12.2.1.4.0

oracle primavera portfolio management 20.0.0.0

oracle primavera portfolio management 20.0.0.1

oracle primavera portfolio management

oracle financial services analytical applications infrastructure

oracle communications operations monitor 5.0

oracle vm virtualbox

oracle database server 21c

oracle communications pricing design center 12.0.0.4.0

oracle communications convergence 3.0.2.2.0

oracle graalvm 21.3.0

oracle graalvm 20.3.4

oracle jdk 11.0.13

oracle primavera unifier 21.12

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle utilities testing accelerator 6.0.0.1.1

oracle retail allocation 14.1.3.2

oracle retail allocation 15.0.3.1

oracle retail allocation 16.0.3

oracle retail allocation 19.0.1

oracle retail service backbone 19.0.0

oracle retail service backbone

oracle retail price management 13.2

oracle retail price management 14.0.4

oracle retail predictive application server 14.1.3.46

oracle retail predictive application server 15.0.3.115

oracle retail predictive application server 16.0.3.240

oracle retail order management system 19.5

oracle retail invoice matching 15.0.3

oracle retail invoice matching 16.0.3

oracle retail integration bus

oracle retail eftlink 20.0.1

oracle primavera p6 enterprise project portfolio management 21.12.0.0

oracle primavera p6 enterprise project portfolio management

oracle primavera gateway 21.12.0

oracle communications webrtc session controller 7.2.1

oracle communications service broker 6.2

oracle communications cloud native core console 1.7.0

oracle nosql database

oracle banking digital experience 21.1

oracle banking apis 19.1

oracle banking apis 19.2

oracle banking apis 20.1

oracle banking apis 21.1

oracle communications cloud native core binding support function 1.10.0

oracle communications cloud native core policy 1.14.0

oracle communications unified inventory management 7.4.2

oracle communications cloud native core unified data repository 1.14.0

oracle communications cloud native core service communication proxy 1.14.0

oracle communications cloud native core security edge protection proxy 1.5.0

oracle java se 8u311

oracle java se 7u321

oracle communications instant messaging server 10.0.1.5.0

oracle argus safety 8.2.3

oracle argus safety 8.2.1

oracle argus insight 8.2.1

oracle argus insight 8.2.2

oracle argus insight 8.2.3

oracle argus analytics 8.2.1

oracle argus analytics 8.2.2

oracle argus analytics 8.2.3

oracle airlines data model 12.2.0.1.0

oracle airlines data model 12.1.1.0.0

oracle argus analytics 8.21

oracle mysql server

oracle mysql connectors

oracle mysql workbench

oracle mysql cluster

oracle mysql server 5.7.36

oracle application performance management 13.5.1.0

oracle jd edwards enterpriseone orchestrator

oracle mysql connectors 8.0.27

oracle big data spatial and graph 23.1

oracle application performance management 13.4.1.0

oracle banking platform

oracle banking loans servicing 2.12.0

oracle banking enterprise default managment

oracle banking apis 18.2

oracle banking digital experience 17.2

oracle banking apis 18.1

oracle banking apis 18.3

oracle communications network charging and control

oracle communications network charging and control 6.0.1.0.0

oracle communications eagle application processor

oracle communications diameter signaling route

oracle communications design studio 7.3.4

oracle communications design studio 7.3.5

oracle communications design studio 7.4.0

oracle communications design studio 7.4.1

oracle communications data model 11.3.2.1.0

oracle communications data model 11.3.2.2.0

oracle communications data model 11.3.2.3.0

oracle communications data model 12.1.0.1.0

oracle communications data model 12.1.2.0.0

oracle communications convergent charging controller 6.0.1.0.0

oracle communications convergent charging controller

oracle communications contacts server 8.0.0.3.0

oracle communications cloud native core security edge protection proxy 1.6.0

oracle communications cloud native core security edge protection proxy 1.15.0

oracle communications cloud native core network function cloud native environment 1.9.0

oracle communications cloud native core binding support function 1.9.0

oracle communications cloud native core automated test suite 1.8.0

oracle communications calendar server 8.0.0.5.0

oracle communications billing and revenue management 12.0.0.3

oracle communications billing and revenue management 12.0.0.4

oracle clinical 5.2.2

oracle clinical 5.2.1

oracle healthcare data repository 8.1.1

oracle health sciences information manager 3.0.3

oracle health sciences information manager 3.0.2

oracle health sciences inform crf submit 6.2.1

oracle health sciences clinical development analytics 4.0.1

oracle graph server and client

oracle goldengate

oracle flexcube investor servicing 14.4.0

oracle flexcube investor servicing 14.5.0

oracle financial services trade-based anti money laundering 8.0.7

oracle financial services trade-based anti money laundering 8.0.8

oracle financial services model management and governance

oracle financial services foreign account tax compliance act management 8.0.7

oracle financial services foreign account tax compliance act management 8.0.8

oracle financial services foreign account tax compliance act management 8.0.11

oracle financial services enterprise case management 8.0.7

oracle financial services enterprise case management 8.0.8

oracle financial services enterprise case management 8.0.11

oracle financial services behavior detection platform 8.0.7

oracle financial services behavior detection platform 8.0.8

oracle financial services behavior detection platform 8.0.11

oracle financial services analytical applications infrastructure 7.3.3

oracle essbase administration services

oracle essbase administration services 11.1.2.4.47

oracle essbase

oracle essbase 11.1.2.4.47

oracle e-business suite

oracle enterprise communications broker 3.3

oracle demantra demand management

oracle communications webrtc session controller 7.2.0

oracle communications unified inventory management 7.5.0

oracle communications session border controller 8.2

oracle communications offline mediation controller 12.0.0.3

oracle healthcare translational research 4.1.0

oracle healthcare foundation 8.1.1

oracle healthcare foundation

oracle siebel applications

oracle primavera p6 professional project management

oracle primavera data warehouse 18.8.3.3

oracle primavera data warehouse 19.12.11.1

oracle primavera data warehouse 20.12.12.0

oracle primavera analytics 18.8.3.3

oracle primavera analytics 19.12.11.1

oracle primavera analytics 20.12.12.0

oracle peoplesoft enterprise people tools 8.57

oracle peoplesoft enterprise people tools 8.58

oracle peoplesoft enterprise people tools 8.59

oracle zfs storage application integration engineering software 1.3.3

oracle oss support tools

oracle timesten in-memory database

oracle thesaurus management system 5.2.3

oracle thesaurus management system 5.3.0

oracle thesaurus management system 5.3.1

oracle spatial studio 21.2.1

oracle secure backup 18.1.0.1.0

oracle retail service backbone 14.1.3.0

oracle retail service backbone 19.0.1

oracle retail price management 14.1

oracle retail price management 14.1.3

oracle retail price management 15.0.3

oracle retail price management 16.0.3

oracle retail integration bus 14.1.3.0

oracle retail integration bus 19.0.0

oracle retail integration bus 19.0.1

oracle retail fiscal management 14.2

oracle retail financial integration 19.0.1

oracle retail customer insights

oracle retail analytics

oracle rest data services 21.2.4

oracle rapid planning

oracle agile product lifecycle analytics 3.6.1

oracle policy automation

oracle java se 17.1

oracle insurance rules palette 11.3.1

oracle insurance policy administration j2ee

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.2.7

oracle insurance policy administration 11.3.1

oracle insurance insbridge rating and underwriting

oracle insurance insbridge rating and underwriting 5.2.0

oracle insurance data gateway 11.0.2

oracle insurance data gateway 11.1.0

oracle insurance data gateway 11.2.7

oracle insurance data gateway 11.3.0

oracle insurance data gateway 11.3.1

oracle hyperion ilearning 6.3

oracle hyperion ilearning 6.2

oracle hyperion infrastructure technology 11.2.7.0

oracle hospitality suite8 8.11.0

oracle hospitality suite8 8.12.0

oracle hospitality suite8 8.13.0

oracle hospitality suite8 8.14.0

oracle application express 21.1.4

oracle banking enterprise default management 2.7.0

oracle banking enterprise default management 2.7.1

oracle banking enterprise default management 2.6.2

oracle banking deposits and lines of credit servicing 2.12.0

oracle fujitsu_m10-1_firmware -

oracle fujitsu_m10-4_firmware -

oracle fujitsu_m10-4s_firmware -

oracle fujitsu_m12-1_firmware -

oracle fujitsu_m12-2_firmware -

oracle fujitsu_m12-2s_firmware -

Vendor Advisories

Debian Bug report logs - #948235 libhibernate-validator-java: CVE-2019-10219 Package: libhibernate-validator-java; Maintainer for libhibernate-validator-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libhibernate-validator-java is src:libhibernate-validator-java (PTS, buildd, popcon) ...
Synopsis: Important: Red Hat Data Grid 7.3.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Important: Red Hat Single Sign-On 7.3.6 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.3 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.6 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2. Red Hat Product Security has rated this update as having a security impact of Important ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 7 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat Fuse 7.8.0 release and security update. Type/Severity: Security Advisory: Important. Topic: A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Produc ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 6 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.2.6 on RHEL 8 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat build of Thorntail 2.5.1 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services. CVE-2019-10219, CVE-2020-10693, CVE-2020-25638, CVE-2021-28170, CVE-2022-0866, CVE-2022-1278, CVE-2022-1466, CVE-2022-2625, CVE-2022-2764, CVE-2022-23437. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...