CVE-2019-10219

Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
• v3.0•MEDIUM•Score: 6.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 1.67%• Percentile: 82%

Techniques & Countermeasures

• CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

• hibernate•hibernate-validator

  ≥ 6.0.0.Alpha1, ≤ 6.0.17.Final | ≥ 6.1.0.Alpha1, ≤ 6.1.0.Alpha6

• org.hibernate•hibernate-validator

  ≥ 6.1.0.Alpha1, < 6.1.0.Alpha6 | ≥ 6.0.0.Alpha1, < 6.0.18.Final

• org.hibernate.validator•hibernate-validator

  ≥ 6.1.0.Alpha1, < 6.1.0.Alpha6 | ≥ 6.0.0.Alpha1, < 6.0.18.Final

• netapp•active_iq_unified_manager

  na

• netapp•element

  na

• netapp•management_services_for_element_software_and_netapp_hci

  na

• netapp•snapcenter_plug-in

  na

• oracle•access_manager

  11.1.2.3.0 | 12.2.1.3.0 | 12.2.1.4.0

• oracle•agile_engineering_data_management

  6.2.1.0

• oracle•agile_plm

  9.3.3 | 9.3.6

• oracle•agile_product_lifecycle_analytics

  3.6.1

• oracle•agile_product_lifecycle_management_integration_pack

  3.6

• oracle•airlines_data_model

  12.1.1.0.0 | 12.2.0.1.0

• oracle•application_express

  21.1.4

• oracle•application_performance_management

  13.4.1.0 | 13.5.1.0

• oracle•application_testing_suite

  13.3.0.1

• oracle•argus_analytics

  8.2.1 | 8.2.2 | 8.2.3

• oracle•argus_insight

  8.2.1 | 8.2.2 | 8.2.3

• oracle•argus_safety

  8.2.1 | 8.2.2 | 8.2.3

• oracle•banking_apis

  18.1 | 18.2 | 18.3 | 19.1 | 19.2 | 20.1 | 21.1

• oracle•banking_deposits_and_lines_of_credit_servicing

  2.12.0

• oracle•banking_digital_experience

  17.2 | 18.1 | 18.3 | 19.1 | 19.2 | 20.1 | 21.1

• oracle•banking_enterprise_default_management

  2.6.2 | 2.7.0 | 2.7.1 | 2.10.0 | 2.12.0

• oracle•banking_enterprise_default_managment

  ≥ 2.3.0, ≤ 2.4.0

• oracle•banking_loans_servicing

  2.12.0

• oracle•banking_party_management

  2.7.0

• oracle•banking_platform

  ≥ 2.3.0, ≤ 2.4.1 | 2.6.2 | 2.7.0 | 2.7.1

• oracle•bi_publisher

  5.5.0.0.0 | 11.1.1.9.0 | 12.2.1.3.0 | 12.2.1.4.0

• oracle•big_data_spatial_and_graph

  23.1

• oracle•business_activity_monitoring

  12.2.1.4.0

• oracle•business_intelligence

  5.5.0.0.0 | 5.9.0.0.0 | 12.2.1.3.0 | 12.2.1.4.0

• oracle•business_process_management_suite

  12.2.1.3.0 | 12.2.1.4.0

• oracle•clinical

  5.2.1 | 5.2.2

• oracle•commerce_guided_search

  11.3.2

• oracle•commerce_platform

  ≥ 11.3.0, ≤ 11.3.2

• oracle•communications_application_session_controller

  3.9.0

• oracle•communications_billing_and_revenue_management

  12.0.0.3 | 12.0.0.4

• oracle•communications_billing_and_revenue_management_elastic_charging_engine

  11.3 | 12.0

• oracle•communications_calendar_server

  8.0.0.5.0 | 8.0.0.6.0

• oracle•communications_cloud_native_core_automated_test_suite

  1.8.0

• oracle•communications_cloud_native_core_binding_support_function

  1.9.0 | 1.10.0

• oracle•communications_cloud_native_core_console

  1.7.0

• oracle•communications_cloud_native_core_network_function_cloud_native_environment

  1.9.0

• oracle•communications_cloud_native_core_network_repository_function

  1.14.0

• oracle•communications_cloud_native_core_policy

  1.14.0

• oracle•communications_cloud_native_core_security_edge_protection_proxy

  1.5.0 | 1.6.0 | 1.15.0

• oracle•communications_cloud_native_core_service_communication_proxy

  1.14.0

• oracle•communications_cloud_native_core_unified_data_repository

  1.14.0

• oracle•communications_contacts_server

  8.0.0.3.0

• oracle•communications_converged_application_server_-_service_controller

  6.2

Showing first 50 affected entries in server-rendered view.

References (28)

• https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
• https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
• https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
• https://access.redhat.com/errata/RHSA-2020:0164
• https://access.redhat.com/errata/RHSA-2020:0159
• https://access.redhat.com/errata/RHSA-2020:0160
• https://access.redhat.com/errata/RHSA-2020:0161
• https://access.redhat.com/errata/RHSA-2020:0445
• https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
• https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
• https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://github.com/hibernate/hibernate-validator/commit/20d729548511ac5cff6fd459f93de137195420fe
• https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56cee
• https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-10219
• https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Origin/CVE-2019-10219/exploit
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219
• https://security.netapp.com/advisory/ntap-20220210-0024/
• https://github.com/hibernate/hibernate-validator/commit/124b7dd6d9a4ad24d4d49f74701f05a13e56ceee
• https://nvd.nist.gov/vuln/detail/CVE-2019-10219
• https://security.netapp.com/advisory/ntap-20220210-0024
• https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E
• https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E
• https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E
• https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E
• https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E
• https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E
• https://github.com/hibernate/hibernate-validator