CVE-2020-25638

Published: 02/12/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 517
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow a malicious user to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Vulnerable Products

hibernate hibernate orm

debian debian linux 9.0

debian debian linux 10.0

quarkus quarkus

oracle retail customer management and segmentation foundation 19.0

oracle communications cloud native core console 1.9.0

Vendor Advisories

It was discovered that libhibernate3-java, a powerful, high performance object/relational persistence and query service, is prone to an SQL injection vulnerability allowing an attacker to access unauthorized information or possibly conduct further attacks. For the stable distribution (buster), this problem has been fixed in version 3.6.10.Final-9+d ...
Synopsis: Important: Red Hat build of Quarkus 1.7.5 SP1 release and security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.3 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Red Hat Product Security has rated this update as h ...
Synopsis: Important: Red Hat Process Automation Manager 7.10.0 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis: Important: Red Hat Single Sign-On 7.4.3 one-off security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Comm ...
Synopsis: Important: Red Hat Decision Manager 7.10.0 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) b ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat build of Thorntail 2.7.2 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat build of Thorntail. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring ...
Synopsis: Important: Red Hat Single Sign-On 7.4.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulne ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a ...
Synopsis: Important: Red Hat support for Spring Boot 2.3.6 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sy ...
Synopsis: Important: Red Hat support for Spring Boot 2.2.11 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat support for Spring Boot. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring S ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.4 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-17195, CVE-2020-10718, CVE-2020-10734, CVE-2020-10746, CVE-2020-10776, CVE-2020-25638, CVE-2020-25689, CVE-2020-27822, CVE-2021-32027. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services: CVE-2019-10219, CVE-2020-10693, CVE-2020-25638, CVE-2021-28170, CVE-2022-0866, CVE-2022-1278, CVE-2022-1466, CVE-2022-2625, CVE-2022-2764, CVE-2022-23437. Affected products and versions are listed below. Please upgrade your version to the appropriate version ...

Github Repositories

Multi-product demo: OpenShift, Tekton, RHACS and Quarkus. This is a simple demonstration of building a Quarkus application using Tekton in OpenShift 4.6 and integrating the pipeline with Red Hat Advanced Cluster Security (ACS/RHACS). The demo displays detection of a vulnerability (CVE-2020-25638: hibernate-core: SQL injection) in Quarkus 1.7.3.Final. Updating our build to Quarkus

M183 Project @LennyLam @LorisPolenz @michaeldesmitt

Documentation Project @Loris Polenz, @Michael de Smitt, @Lenny Lam. About our Project: The goal of this project was to get to know the individual OWASP Top 10 and see how they work and how to secure an application against them. We did not use any tools since the configuration of a tool would be way more work than the actual goal of learning about the vulnerabilities. How a tool s