In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().
History

Fri, 23 Aug 2024 05:30:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:jboss_enterprise_application_platform:7.1::el7

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-01-10T15:00:00Z

Updated: 2024-09-16T17:32:38.135Z

Reserved: 2017-04-05T00:00:00

Link: CVE-2017-7536

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-10T15:29:00.283

Modified: 2023-11-07T02:50:12.580

Link: CVE-2017-7536

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-09-26T00:00:00Z

Links: CVE-2017-7536 - Bugzilla