A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
User Interaction None
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact None
AV:N/AC:M/Au:N/C:P/I:P/A:N
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Debian |
|
Hibernate |
|
Oracle |
|
Quarkus |
|
Redhat |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
EAP 7.3.3 | |||
hibernate-core | cpe:/a:redhat:jboss_enterprise_application_platform:7.3 | RHSA-2020:5174 | 2020-11-23T00:00:00Z |
Red Hat build of Quarkus 1.7.5 SP1 | |||
hibernate-core | cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:5302 | 2020-12-01T00:00:00Z |
Red Hat Fuse 7.9 | |||
hibernate-core | cpe:/a:redhat:jboss_fuse:7 | RHSA-2021:3140 | 2021-08-11T00:00:00Z |
Red Hat Integration | |||
hibernate-core | cpe:/a:redhat:integration:1 | RHSA-2021:2039 | 2021-05-19T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7 | |||
hibernate-core | cpe:/a:redhat:jboss_enterprise_application_platform:7.3 | RHSA-2020:5344 | 2020-12-03T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6 | |||
eap7-hibernate-0:5.3.18-2.Final_redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5175 | 2020-11-23T00:00:00Z |
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el6eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6 | RHSA-2020:5340 | 2020-12-03T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7 | |||
eap7-hibernate-0:5.3.18-2.Final_redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5175 | 2020-11-23T00:00:00Z |
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el7eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7 | RHSA-2020:5341 | 2020-12-03T00:00:00Z |
Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8 | |||
eap7-hibernate-0:5.3.18-2.Final_redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5175 | 2020-11-23T00:00:00Z |
eap7-activemq-artemis-0:2.9.0-6.redhat_00016.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-fge-btf-0:1.2.0-1.redhat_00007.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-fge-msg-simple-0:1.1.0-1.redhat_00007.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-hal-console-0:3.2.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-hibernate-validator-0:6.0.21-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-annotations-0:2.10.4-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-core-0:2.10.4-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-coreutils-0:1.6.0-1.redhat_00006.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-jaxrs-providers-0:2.10.4-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-base-0:2.10.4-3.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jackson-modules-java8-0:2.10.4-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jasypt-0:1.9.3-1.redhat_00002.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jboss-marshalling-0:2.0.10-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jboss-remoting-0:5.0.19-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jboss-server-migration-0:1.7.2-3.Final_redhat_00004.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-jboss-xnio-base-0:3.7.11-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-undertow-0:2.0.32-1.SP1_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-wildfly-0:7.3.4-3.GA_redhat_00003.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-wildfly-elytron-0:1.10.9-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
eap7-wildfly-openssl-0:1.0.12-1.Final_redhat_00001.1.el8eap | cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8 | RHSA-2020:5342 | 2020-12-03T00:00:00Z |
Red Hat JBoss Web Server 5 | |||
hibernate-core | cpe:/a:redhat:jboss_enterprise_web_server:5.5 | RHSA-2021:2562 | 2021-06-29T00:00:00Z |
Red Hat JBoss Web Server 5.5 on RHEL 7 | |||
jws5-ecj-0:4.12.0-3.redhat_2.2.el7jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el7 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-mod_cluster-0:1.4.3-2.Final_redhat_00002.1.el7jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el7 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-0:9.0.43-11.redhat_00011.1.el7jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el7 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-native-0:1.2.26-3.redhat_3.el7jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el7 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-vault-0:1.1.8-2.Final_redhat_00003.1.el7jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el7 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
Red Hat JBoss Web Server 5.5 on RHEL 8 | |||
jws5-ecj-0:4.12.0-3.redhat_2.2.el8jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el8 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-mod_cluster-0:1.4.3-2.Final_redhat_00002.1.el8jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el8 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-0:9.0.43-11.redhat_00011.1.el8jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el8 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-native-0:1.2.26-3.redhat_3.el8jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el8 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
jws5-tomcat-vault-0:1.1.8-2.Final_redhat_00003.1.el8jws | cpe:/a:redhat:jboss_enterprise_web_server:5.5::el8 | RHSA-2021:2561 | 2021-06-29T00:00:00Z |
Red Hat Single Sign-On 7.4.3 one-off | |||
hibernate-core | cpe:/a:redhat:jboss_single_sign_on:7.4 | RHSA-2020:5254 | 2020-11-30T00:00:00Z |
Red Hat support for Spring Boot 2.3.6 | |||
hibernate-core | cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2021:0292 | 2021-02-02T00:00:00Z |
RHDM 7.10.0 | |||
hibernate-core-kie-server-ee8 | cpe:/a:redhat:jboss_enterprise_brms_platform:7.10 | RHSA-2021:0603 | 2021-02-17T00:00:00Z |
RHPAM 7.10.0 | |||
hibernate-core-kie-server-ee8 | cpe:/a:redhat:jboss_enterprise_bpms_platform:7.10 | RHSA-2021:0600 | 2021-02-17T00:00:00Z |
Text-Only RHOAR | |||
cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:5361 | 2020-12-16T00:00:00Z | |
hibernate-core | cpe:/a:redhat:openshift_application_runtimes:1.0 | RHSA-2020:5388 | 2021-01-07T00:00:00Z |
Text-Only RHSSO | |||
hibernate-core | cpe:/a:redhat:red_hat_single_sign_on | RHSA-2020:5533 | 2020-12-15T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-12-02T14:36:24
Updated: 2024-08-04T15:40:35.438Z
Reserved: 2020-09-16T00:00:00
Link: CVE-2020-25638
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-12-02T15:15:12.377
Modified: 2024-11-21T05:18:18.350
Link: CVE-2020-25638
Redhat