How severe is CVE-2017-7536?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2017-7536?

This is classified as CWE-592, which is a common weakness in software security.

CVE-2017-7536 - HIGH Severity | CVSS 7

Vulnerability Description

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue().

Related Vulnerabilities

CVE-2016-8371

HIGH

CVSS:7.3(High)

The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

CWE-5922016

CVE-2019-3899

HIGH

CVSS:7.3(High)

It was found that default configuration of Heketi does not require any authentication potentially exposing the management interface to misuse. This isue only affects heketi as shipped with Openshift C...

CWE-5922019

CVE-2017-7537

HIGH

CVSS:7.5(High)

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to byp...

CWE-5922017

CVE-2019-10198

MEDIUM

CVSS:6.5(Medium)

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the chan...

CWE-5922019

CVE-2019-14843

HIGH

CVSS:7.5(High)

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access una...

CWE-5922019

CVE-2017-12164

MEDIUM

CVSS:6.4(Medium)

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as anot...

CWE-5922017