CVE-2014-3558

CVSS v2.0 5 (Medium)

EPSS 0.45 % (75^th)

Affected Products 1

Advisories 1

ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-09-30 14:55:08
(10 years ago)
Updated Date: 2019-03-21 14:24:50
(5 years ago)

Affected Products

Redhat

Hibernate Validator

Configuration #1

	CPE23	From	Up To
Redhat Hibernate Validator from 4.3.0 version and prior 4.3.2 version	cpe:2.3:a:redhat:hibernate_validator	>= 4.3.0	< 4.3.2
Redhat Hibernate Validator from 5.0.0 version and 5.0.3 and prior versions	cpe:2.3:a:redhat:hibernate_validator	>= 5.0.0	<= 5.0.3
Redhat Hibernate Validator from 5.1.0 version and prior 5.1.2 version	cpe:2.3:a:redhat:hibernate_validator	>= 5.1.0	< 5.1.2
Redhat Hibernate Validator 4.1.0	cpe:2.3:a:redhat:hibernate_validator:4.1.0
Redhat Hibernate Validator 4.2.0	cpe:2.3:a:redhat:hibernate_validator:4.2.0
Redhat Hibernate Validator 4.2.0 Beta1	cpe:2.3:a:redhat:hibernate_validator:4.2.0:beta1
Redhat Hibernate Validator 4.2.0 Beta2	cpe:2.3:a:redhat:hibernate_validator:4.2.0:beta2
Redhat Hibernate Validator 4.2.0 Cr1	cpe:2.3:a:redhat:hibernate_validator:4.2.0:cr1