CVE-2019-14900

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
Configurations

Configuration 1

cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*
cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:fuse:*:*:*:*:*:*:*:*
cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Information

Published : 2020-07-06 07:15

Updated : 2022-04-29 05:08


NVD link : CVE-2019-14900

Mitre link : CVE-2019-14900

CWE