![icon](https://www.mend.io/vulnerability-database/wp-content/themes/whitesource/img/search_cube.png)
We found results for “”
CVE-2014-3558
Good to know:
![A fix is available icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/icon2.png)
![Can be analyzed by Mend Prioritize icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/icon3.png)
Date: September 30, 2014
ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application.
Language: Java
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
Permissions, Privileges, and Access Control
CWE-264Top Fix
![icon](https://www.mend.io/vulnerability-database//wp-content/themes/whitesource/img/sec5.png)
Upgrade Version
Upgrade to version org.hibernate:hibernate-validator:4.3.2.Final,5.1.2.Final
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | LOW |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | PARTIAL |
Additional information: |