Skip to main content

Hibernate Validator CVE-2019-10219

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-11-08 secalert@redhat.com
XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform Openshift Application Runtimes Single Sign On Active Iq Unified Manager Management Services For Element Software And Netapp Hci Snapcenter Plug In Element Access Manager Agile Engineering Data Management Agile Plm Agile Product Lifecycle Analytics Agile Product Lifecycle Management Integration Pack Airlines Data Model Application Express Application Performance Management Application Testing Suite Argus Analytics Argus Insight Argus Safety Banking Apis Banking Deposits And Lines Of Credit Servicing Banking Digital Experience Banking Enterprise Default Management Banking Enterprise Default Managment Banking Loans Servicing Banking Party Management Banking Platform Bi Publisher Big Data Spatial And Graph Business Activity Monitoring Business Intelligence Business Process Management Suite Clinical Commerce Guided Search Commerce Platform Communications Application Session Controller Communications Billing And Revenue Management Communications Billing And Revenue Management Elastic Charging Engine Communications Calendar Server Communications Cloud Native Core Automated Test Suite Communications Cloud Native Core Binding Support Function Communications Cloud Native Core Console Communications Cloud Native Core Network Function Cloud Native Environment Communications Cloud Native Core Network Repository Function Communications Cloud Native Core Policy Communications Cloud Native Core Security Edge Protection Proxy Communications Cloud Native Core Service Communication Proxy Communications Cloud Native Core Unified Data Repository Communications Contacts Server Communications Converged Application Server Service Controller Communications Convergence Communications Convergent Charging Controller Communications Data Model Communications Design Studio Communications Diameter Signaling Route Communications Eagle Application Processor Communications Instant Messaging Server Communications Interactive Session Recorder Communications Messaging Server Communications Metasolv Solution Communications Network Charging And Control Communications Network Integrity Communications Offline Mediation Controller Communications Operations Monitor Communications Pricing Design Center Communications Service Broker Communications Services Gatekeeper Communications Session Border Controller Communications Unified Inventory Management Communications Webrtc Session Controller Data Integrator Database Server Demantra Demand Management Documaker E Business Suite Enterprise Communications Broker Enterprise Data Quality Enterprise Manager Base Platform Enterprise Manager Ops Center Enterprise Session Border Controller Essbase Essbase Administration Services Financial Services Analytical Applications Infrastructure Financial Services Behavior Detection Platform Financial Services Enterprise Case Management Financial Services Foreign Account Tax Compliance Act Management Financial Services Model Management And Governance Financial Services Trade Based Anti Money Laundering Flexcube Investor Servicing Flexcube Private Banking Fusion Middleware Fusion Middleware Mapviewer Goldengate Goldengate Application Adapters Graalvm Graph Server And Client Health Sciences Clinical Development Analytics Health Sciences Inform Crf Submit Health Sciences Information Manager Healthcare Data Repository Healthcare Foundation Healthcare Translational Research Hospitality Cruise Shipboard Property Management System Hospitality Opera 5 Property Services Hospitality Reporting And Analytics Hospitality Suite8 Http Server Hyperion Financial Management Hyperion Ilearning Hyperion Infrastructure Technology Instantis Enterprisetrack Insurance Data Gateway Insurance Insbridge Rating And Underwriting Insurance Policy Administration Insurance Policy Administration J2Ee Insurance Rules Palette Java Se Jd Edwards Enterpriseone Orchestrator Jdk Managed File Transfer Mysql Cluster Mysql Connectors Mysql Server Mysql Workbench Nosql Database Oss Support Tools Peoplesoft Enterprise Cs Sa Integration Pack Peoplesoft Enterprise People Tools Peoplesoft Enterprise Peopletools Policy Automation Primavera Analytics Primavera Data Warehouse Primavera Gateway Primavera P6 Enterprise Project Portfolio Management Primavera P6 Professional Project Management Primavera Portfolio Management Primavera Unifier Rapid Planning Real Time Decision Server Real User Experience Insight Rest Data Services Retail Allocation Retail Analytics Retail Assortment Planning Retail Back Office Retail Central Office Retail Customer Insights Retail Customer Management And Segmentation Foundation Retail Eftlink Retail Extract Transform And Load Retail Financial Integration Retail Fiscal Management Retail Integration Bus Retail Invoice Matching Retail Merchandising System Retail Order Broker Retail Order Management System Retail Point Of Sale Retail Predictive Application Server Retail Price Management Retail Returns Management Retail Service Backbone Retail Size Profile Optimization Retail Xstore Point Of Service Sd Wan Aware Sd Wan Edge Secure Backup Siebel Applications Spatial Studio Thesaurus Management System Timesten In Memory Database Utilities Framework Utilities Testing Accelerator Vm Virtualbox Webcenter Portal Weblogic Server Zfs Storage Appliance Kit Zfs Storage Application Integration Engineering Software Solaris Fujitsu M10 1 Firmware Fujitsu M10 4 Firmware Fujitsu M10 4S Firmware Fujitsu M12 1 Firmware Fujitsu M12 2 Firmware Fujitsu M12 2S Firmware
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 08, 2019 - 15:15 nvd
MEDIUM 6.1

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 5 maven packages depend on org.hibernate.validator:hibernate-validator (3 direct, 2 indirect)

Ecosystem-wide dependent count for version 6.1.0.Alpha1.

DescriptionNVD

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

AnalysisAI

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Affected products include: Redhat Hibernate Validator, Redhat Fuse, Redhat Jboss Data Grid, Redhat Jboss Enterprise Application Platform, Redhat Openshift Application Runtimes.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

Share

CVE-2019-10219 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy