VDB
CVE-2017-7536
CVE-2017-7536
REJECTED
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
EPSS 0.13% · 31.6th percentile
Risk Scores
EPSS Score
0.13%
31.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libhibernate-validator-java | 0, 4.3.3-2, 4.3.3-3 |
Exploit Intelligence
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
- druid-612f0710.json (github-poc)
Timeline
- Jan 10, 2018 CVE Published
- Oct 3, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-7536 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-7536 third-party-advisory