VDB
DEBIAN-CVE-2017-7536
DEBIAN-CVE-2017-7536
PUBLISHED
CVSS 7 HIGH
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Risk Scores
CVSS v3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | libhibernate-validator-java | 0, 0, 0 |
| Debian:13 | libhibernate-validator-java | 0, 0, 0 |
| Debian:14 | libhibernate-validator-java | 0, 0, 0 |
| Debian:12 | libhibernate-validator-java | 0, 0, 0 |
Timeline
- Jan 10, 2018 CVE Published
- Apr 28, 2026 CVE Updated