CVE-2019-14900 vulnerability in Hibernate and Other Products
Published on July 6, 2020

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

NVD

Products Associated with CVE-2019-14900

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-14900 are published in these products:

Hibernate Orm

Red Hat Decision Manager

Red Hat Jboss Data Grid

Red Hat Openstack

Quarkus

Red Hat Build Of Quarkus

Red Hat Fuse

Red Hat Jboss Enterprise Application Platform

Red Hat Jboss Middleware Text Only Advisories

Red Hat Single Sign On

Exploit Probability

EPSS

1.81%

Percentile

82.59%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-14900 vulnerability in Hibernate and Other ProductsPublished on July 6, 2020

Products Associated with CVE-2019-14900

Exploit Probability

CVE-2019-14900 vulnerability in Hibernate and Other Products
Published on July 6, 2020