Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for hibernate-validator by Red Hat, Inc.

    CVE-2017-7536 (GCVE-0-2017-7536)

    Vulnerability from nvd – Published: 2018-01-10 15:00 – Updated: 2024-09-16 17:32
    VLAI
    Summary
    In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:2809 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3817 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2740 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2810 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2741 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1039744 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:2742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2808 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/101048 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:3455 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2927 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3456 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2743 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3454 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2811 vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1465573 x_refsource_CONFIRM
    https://lists.apache.org/thread.html/9317fd092b25… mailing-listx_refsource_MLIST
    Impacted products
    Vendor Product Version
    Red Hat, Inc. hibernate-validator Affected: 5.2.x before 5.2.5 final
    Affected: 5.3.x
    Affected: 5.4.x
    Create a notification for this product.
    Date Public
    2017-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2809",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2809"
              },
              {
                "name": "RHSA-2018:3817",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3817"
              },
              {
                "name": "RHSA-2018:2740",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2740"
              },
              {
                "name": "RHSA-2017:2810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2810"
              },
              {
                "name": "RHSA-2018:2741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2741"
              },
              {
                "name": "1039744",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039744"
              },
              {
                "name": "RHSA-2018:2742",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2742"
              },
              {
                "name": "RHSA-2017:3458",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3458"
              },
              {
                "name": "RHSA-2017:2808",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2808"
              },
              {
                "name": "101048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101048"
              },
              {
                "name": "RHSA-2017:3455",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3455"
              },
              {
                "name": "RHSA-2018:2927",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2927"
              },
              {
                "name": "RHSA-2017:3456",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3456"
              },
              {
                "name": "RHSA-2018:2743",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2743"
              },
              {
                "name": "RHSA-2017:3454",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3454"
              },
              {
                "name": "RHSA-2017:3141",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3141"
              },
              {
                "name": "RHSA-2017:2811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2811"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
              },
              {
                "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hibernate-validator",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.x before 5.2.5 final"
                },
                {
                  "status": "affected",
                  "version": "5.3.x"
                },
                {
                  "status": "affected",
                  "version": "5.4.x"
                }
              ]
            }
          ],
          "datePublic": "2017-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "CWE-592",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-16T01:07:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:2809",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2809"
            },
            {
              "name": "RHSA-2018:3817",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3817"
            },
            {
              "name": "RHSA-2018:2740",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2740"
            },
            {
              "name": "RHSA-2017:2810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2810"
            },
            {
              "name": "RHSA-2018:2741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2741"
            },
            {
              "name": "1039744",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039744"
            },
            {
              "name": "RHSA-2018:2742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2742"
            },
            {
              "name": "RHSA-2017:3458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3458"
            },
            {
              "name": "RHSA-2017:2808",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2808"
            },
            {
              "name": "101048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101048"
            },
            {
              "name": "RHSA-2017:3455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3455"
            },
            {
              "name": "RHSA-2018:2927",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "RHSA-2017:3456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "RHSA-2018:2743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2743"
            },
            {
              "name": "RHSA-2017:3454",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3454"
            },
            {
              "name": "RHSA-2017:3141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3141"
            },
            {
              "name": "RHSA-2017:2811",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2811"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2017-06-27T00:00:00",
              "ID": "CVE-2017-7536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "hibernate-validator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.2.x before 5.2.5 final"
                              },
                              {
                                "version_value": "5.3.x"
                              },
                              {
                                "version_value": "5.4.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-592"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2809",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2809"
                },
                {
                  "name": "RHSA-2018:3817",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3817"
                },
                {
                  "name": "RHSA-2018:2740",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2740"
                },
                {
                  "name": "RHSA-2017:2810",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2810"
                },
                {
                  "name": "RHSA-2018:2741",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2741"
                },
                {
                  "name": "1039744",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039744"
                },
                {
                  "name": "RHSA-2018:2742",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2742"
                },
                {
                  "name": "RHSA-2017:3458",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3458"
                },
                {
                  "name": "RHSA-2017:2808",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2808"
                },
                {
                  "name": "101048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101048"
                },
                {
                  "name": "RHSA-2017:3455",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3455"
                },
                {
                  "name": "RHSA-2018:2927",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2927"
                },
                {
                  "name": "RHSA-2017:3456",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3456"
                },
                {
                  "name": "RHSA-2018:2743",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2743"
                },
                {
                  "name": "RHSA-2017:3454",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3454"
                },
                {
                  "name": "RHSA-2017:3141",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3141"
                },
                {
                  "name": "RHSA-2017:2811",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2811"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
                },
                {
                  "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7536",
        "datePublished": "2018-01-10T15:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:38.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-7536 (GCVE-0-2017-7536)

    Vulnerability from cvelistv5 – Published: 2018-01-10 15:00 – Updated: 2024-09-16 17:32
    VLAI
    Summary
    In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2017:2809 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:3817 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2740 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2810 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2741 vendor-advisoryx_refsource_REDHAT
    http://www.securitytracker.com/id/1039744 vdb-entryx_refsource_SECTRACK
    https://access.redhat.com/errata/RHSA-2018:2742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3458 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2808 vendor-advisoryx_refsource_REDHAT
    http://www.securityfocus.com/bid/101048 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2017:3455 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2927 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3456 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2018:2743 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3454 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:3141 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2017:2811 vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1465573 x_refsource_CONFIRM
    https://lists.apache.org/thread.html/9317fd092b25… mailing-listx_refsource_MLIST
    Impacted products
    Vendor Product Version
    Red Hat, Inc. hibernate-validator Affected: 5.2.x before 5.2.5 final
    Affected: 5.3.x
    Affected: 5.4.x
    Create a notification for this product.
    Date Public
    2017-06-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:04:11.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2017:2809",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2809"
              },
              {
                "name": "RHSA-2018:3817",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:3817"
              },
              {
                "name": "RHSA-2018:2740",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2740"
              },
              {
                "name": "RHSA-2017:2810",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2810"
              },
              {
                "name": "RHSA-2018:2741",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2741"
              },
              {
                "name": "1039744",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1039744"
              },
              {
                "name": "RHSA-2018:2742",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2742"
              },
              {
                "name": "RHSA-2017:3458",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3458"
              },
              {
                "name": "RHSA-2017:2808",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2808"
              },
              {
                "name": "101048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/101048"
              },
              {
                "name": "RHSA-2017:3455",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3455"
              },
              {
                "name": "RHSA-2018:2927",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2927"
              },
              {
                "name": "RHSA-2017:3456",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3456"
              },
              {
                "name": "RHSA-2018:2743",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2743"
              },
              {
                "name": "RHSA-2017:3454",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3454"
              },
              {
                "name": "RHSA-2017:3141",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:3141"
              },
              {
                "name": "RHSA-2017:2811",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2017:2811"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
              },
              {
                "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hibernate-validator",
              "vendor": "Red Hat, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "5.2.x before 5.2.5 final"
                },
                {
                  "status": "affected",
                  "version": "5.3.x"
                },
                {
                  "status": "affected",
                  "version": "5.4.x"
                }
              ]
            }
          ],
          "datePublic": "2017-06-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-592",
                  "description": "CWE-592",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-16T01:07:02.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2017:2809",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2809"
            },
            {
              "name": "RHSA-2018:3817",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:3817"
            },
            {
              "name": "RHSA-2018:2740",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2740"
            },
            {
              "name": "RHSA-2017:2810",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2810"
            },
            {
              "name": "RHSA-2018:2741",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2741"
            },
            {
              "name": "1039744",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1039744"
            },
            {
              "name": "RHSA-2018:2742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2742"
            },
            {
              "name": "RHSA-2017:3458",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3458"
            },
            {
              "name": "RHSA-2017:2808",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2808"
            },
            {
              "name": "101048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/101048"
            },
            {
              "name": "RHSA-2017:3455",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3455"
            },
            {
              "name": "RHSA-2018:2927",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "RHSA-2017:3456",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3456"
            },
            {
              "name": "RHSA-2018:2743",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2743"
            },
            {
              "name": "RHSA-2017:3454",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3454"
            },
            {
              "name": "RHSA-2017:3141",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3141"
            },
            {
              "name": "RHSA-2017:2811",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:2811"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
            },
            {
              "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "DATE_PUBLIC": "2017-06-27T00:00:00",
              "ID": "CVE-2017-7536",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "hibernate-validator",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "5.2.x before 5.2.5 final"
                              },
                              {
                                "version_value": "5.3.x"
                              },
                              {
                                "version_value": "5.4.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat, Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager\u0027s reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-592"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2017:2809",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2809"
                },
                {
                  "name": "RHSA-2018:3817",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:3817"
                },
                {
                  "name": "RHSA-2018:2740",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2740"
                },
                {
                  "name": "RHSA-2017:2810",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2810"
                },
                {
                  "name": "RHSA-2018:2741",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2741"
                },
                {
                  "name": "1039744",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1039744"
                },
                {
                  "name": "RHSA-2018:2742",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2742"
                },
                {
                  "name": "RHSA-2017:3458",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3458"
                },
                {
                  "name": "RHSA-2017:2808",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2808"
                },
                {
                  "name": "101048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/101048"
                },
                {
                  "name": "RHSA-2017:3455",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3455"
                },
                {
                  "name": "RHSA-2018:2927",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2927"
                },
                {
                  "name": "RHSA-2017:3456",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3456"
                },
                {
                  "name": "RHSA-2018:2743",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2018:2743"
                },
                {
                  "name": "RHSA-2017:3454",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3454"
                },
                {
                  "name": "RHSA-2017:3141",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:3141"
                },
                {
                  "name": "RHSA-2017:2811",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2017:2811"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465573"
                },
                {
                  "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                  "refsource": "MLIST",
                  "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2017-7536",
        "datePublished": "2018-01-10T15:00:00.000Z",
        "dateReserved": "2017-04-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:38.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }