Vulnerable software (CPE):
cpe:/a:redhat:hibernate_validator:5.2.0:-
cpe:/a:redhat:hibernate_validator:5.2.0:alpha1
cpe:/a:redhat:hibernate_validator:5.2.0:beta1
cpe:/a:redhat:hibernate_validator:5.2.0:cr1
cpe:/a:redhat:hibernate_validator:5.2.1
cpe:/a:redhat:hibernate_validator:5.2.2
cpe:/a:redhat:hibernate_validator:5.2.3
cpe:/a:redhat:hibernate_validator:5.2.4
cpe:/a:redhat:hibernate_validator:5.2.5
cpe:/a:redhat:hibernate_validator:5.3.0
cpe:/a:redhat:hibernate_validator:5.3.0:-
cpe:/a:redhat:hibernate_validator:5.3.0:alpha1
cpe:/a:redhat:hibernate_validator:5.3.0:cr1
cpe:/a:redhat:hibernate_validator:5.3.1
cpe:/a:redhat:hibernate_validator:5.3.2
cpe:/a:redhat:hibernate_validator:5.3.3
cpe:/a:redhat:hibernate_validator:5.3.4
cpe:/a:redhat:hibernate_validator:5.3.5
cpe:/a:redhat:hibernate_validator:5.4.0
cpe:/a:redhat:hibernate_validator:5.4.0:-
cpe:/a:redhat:hibernate_validator:5.4.0:beta1
cpe:/a:redhat:hibernate_validator:5.4.0:cr1
cpe:/a:redhat:hibernate_validator:5.4.1

CVE ID: CVE-2017-7536
Published: 2018-01-10T10:29:00.283-05:00
Last modified: 2019-10-02T20:03:26.223-04:00

CVSS base score: 4.4
Access vector: LOCAL
Access complexity: MEDIUM
Authentication: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Source: http://nvd.nist.gov

References:
BID 101048
SECTRACK 1039744
REDHAT RHSA-2017:2808
REDHAT RHSA-2017:2809
REDHAT RHSA-2017:2810
REDHAT RHSA-2017:2811
REDHAT RHSA-2017:3141
REDHAT RHSA-2017:3454
REDHAT RHSA-2017:3455
REDHAT RHSA-2017:3456
REDHAT RHSA-2017:3458
REDHAT RHSA-2018:2740
REDHAT RHSA-2018:2741
REDHAT RHSA-2018:2742
REDHAT RHSA-2018:2743
REDHAT RHSA-2018:2927
REDHAT RHSA-2018:3817
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1465573

Summary:
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allow it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission, an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().