CVE-2017-7536 vulnerability in Red Hat Products
Published on January 10, 2018
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
Weakness Type
DEPRECATED: Authentication Bypass Issues
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
Products Associated with CVE-2017-7536
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
Affected Versions
Red Hat, Inc. hibernate-validator:- Version 5.2.x before 5.2.5 final is affected.
- Version 5.3.x is affected.
- Version 5.4.x is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.