CVE-2017-7536 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-7536 REJECTED

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

EPSS 0.10% · 28.3th percentile

Risk Scores

EPSS Score

0.10%

28.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	libhibernate-validator-java	0, 4.3.3-2, 4.3.3-3

Timeline

Jan 10, 2018 CVE Published
Oct 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2017-7536 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2017-7536 third-party-advisory

Open in Interactive Console →