Privilege Escalation

2017-09-2707:15:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

28.1%

JSON

hibernate-validator is vulnerable to privilege escalation attacks. When the security manager is used, its reflective permissions allow the access to private members.

CPENameOperatorVersion
hibernate validator enginele6.0.0.CR2
hibernate validator engine - relocation artifactle5.2.4.Final
hibernate validator engine - relocation artifactle5.3.5.Final
hibernate validator engine - relocation artifactle5.4.1.Final
eap7-jbossws-cxfeq5.1.3__3.SP1_redhat_1.1.ep7.el7
eap7-jbossws-cxfeq5.1.8__1.Final_redhat_1.1.ep7.el7
eap7-jbossws-cxfeq5.1.8__1.Final_redhat_1.1.ep7.el6
eap7-jbossws-cxfeq5.1.5__1.Final_redhat_1.1.ep7.el6
eap7-jbossws-cxfeq5.1.5__1.Final_redhat_1.1.ep7.el7
eap7-jbossws-cxfeq5.1.3__3.SP1_redhat_1.1.ep7.el6

Name	Operator	Version
hibernate validator engine	le	6.0.0.CR2
hibernate validator engine - relocation artifact	le	5.2.4.Final
hibernate validator engine - relocation artifact	le	5.3.5.Final
hibernate validator engine - relocation artifact	le	5.4.1.Final
eap7-jbossws-cxf	eq	5.1.3__3.SP1_redhat_1.1.ep7.el7
eap7-jbossws-cxf	eq	5.1.8__1.Final_redhat_1.1.ep7.el7
eap7-jbossws-cxf	eq	5.1.8__1.Final_redhat_1.1.ep7.el6
eap7-jbossws-cxf	eq	5.1.5__1.Final_redhat_1.1.ep7.el6
eap7-jbossws-cxf	eq	5.1.5__1.Final_redhat_1.1.ep7.el7
eap7-jbossws-cxf	eq	5.1.3__3.SP1_redhat_1.1.ep7.el6