CVE-2017-7536

Description

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

CVSS Metrics

• v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 4.4AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.13%• Percentile: 32%

Techniques & Countermeasures

• CWE-470•Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

  The product uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

• CWE-592•DEPRECATED: Authentication Bypass Issues

  This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

Affected Systems

• org.hibernate•hibernate-validator

  ≥ 5.2.0, < 5.2.5.Final | ≥ 5.3.0, < 5.3.6.Final | ≥ 5.4.0, < 5.4.2.Final

• red hat, inc.•hibernate-validator

  5.2.x before 5.2.5 final | ≥ 5.3.0, < 5.4.0 | ≥ 5.4.0, < 5.5.0

• redhat•hibernate_validator

  ≥ 5.2.0, < 5.2.5 | ≥ 5.3.0, < 5.3.6 | ≥ 5.4.0, < 5.4.2

• redhat•jboss_enterprise_application_platform

  6.0.0 | 6.4.0 | 7.0 | 7.1

• redhat•satellite

  6.4

• redhat•satellite_capsule

  6.4

• redhat•virtualization

  4.0

• redhat•virtualization_host

  4.0

References (24)

• https://access.redhat.com/errata/RHSA-2017:2809
• https://access.redhat.com/errata/RHSA-2018:3817
• https://access.redhat.com/errata/RHSA-2018:2740
• https://access.redhat.com/errata/RHSA-2017:2810
• https://access.redhat.com/errata/RHSA-2018:2741
• http://www.securitytracker.com/id/1039744
• https://access.redhat.com/errata/RHSA-2018:2742
• https://access.redhat.com/errata/RHSA-2017:3458
• https://access.redhat.com/errata/RHSA-2017:2808
• http://www.securityfocus.com/bid/101048
• https://access.redhat.com/errata/RHSA-2017:3455
• https://access.redhat.com/errata/RHSA-2018:2927
• https://access.redhat.com/errata/RHSA-2017:3456
• https://access.redhat.com/errata/RHSA-2018:2743
• https://access.redhat.com/errata/RHSA-2017:3454
• https://access.redhat.com/errata/RHSA-2017:3141
• https://access.redhat.com/errata/RHSA-2017:2811
• https://bugzilla.redhat.com/show_bug.cgi?id=1465573
• https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
• https://nvd.nist.gov/vuln/detail/CVE-2017-7536
• https://github.com/hibernate/hibernate-validator/commit/0886e89900d343ea20fde5137c9a3086e6da9ac
• https://github.com/hibernate/hibernate-validator/commit/0778a5c98b817771a645c6f4ba0b28dd8b5437b
• https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
• https://github.com/hibernate/hibernate-validator