TROYANOSYVIRUS

CVE-2019-10219

MEDIUM
6.1

Description

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

CVE details

CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 11/8/2019
Last modified: 7/7/2025
Source: nvd
Honeypot observations: 0

Affected products

netapp:active_iq_unified_manager, netapp:element, netapp:management_services_for_element_software_and_netapp_hci, netapp:snapcenter_plug-in

oracle:access_manager, oracle:agile_engineering_data_management, oracle:agile_plm, oracle:agile_product_lifecycle_analytics, oracle:agile_product_lifecycle_management_integration_pack, oracle:airlines_data_model, oracle:application_express, oracle:application_performance_management, oracle:application_testing_suite, oracle:argus_analytics, oracle:argus_insight, oracle:argus_safety, oracle:banking_apis, oracle:banking_deposits_and_lines_of_credit_servicing, oracle:banking_digital_experience, oracle:banking_enterprise_default_management, oracle:banking_enterprise_default_managment, oracle:banking_loans_servicing, oracle:banking_party_management, oracle:banking_platform, oracle:bi_publisher, oracle:big_data_spatial_and_graph, oracle:business_activity_monitoring, oracle:business_intelligence, oracle:business_process_management_suite, oracle:clinical, oracle:commerce_guided_search, oracle:commerce_platform, oracle:communications_application_session_controller, oracle:communications_billing_and_revenue_management, oracle:communications_billing_and_revenue_management_elastic_charging_engine, oracle:communications_calendar_server, oracle:communications_cloud_native_core_automated_test_suite, oracle:communications_cloud_native_core_binding_support_function, oracle:communications_cloud_native_core_console, oracle:communications_cloud_native_core_network_function_cloud_native_environment, oracle:communications_cloud_native_core_network_repository_function, oracle:communications_cloud_native_core_policy, oracle:communications_cloud_native_core_security_edge_protection_proxy, oracle:communications_cloud_native_core_service_communication_proxy, oracle:communications_cloud_native_core_unified_data_repository, oracle:communications_contacts_server, oracle:communications_converged_application_server_-_service_controller, oracle:communications_convergence, oracle:communications_convergent_charging_controller, oracle:communications_data_model, oracle:communications_design_studio, oracle:communications_diameter_signaling_route, oracle:communications_eagle_application_processor, oracle:communications_instant_messaging_server, oracle:communications_interactive_session_recorder, oracle:communications_messaging_server, oracle:communications_metasolv_solution, oracle:communications_network_charging_and_control, oracle:communications_network_integrity, oracle:communications_offline_mediation_controller, oracle:communications_operations_monitor, oracle:communications_pricing_design_center, oracle:communications_service_broker, oracle:communications_services_gatekeeper, oracle:communications_session_border_controller, oracle:communications_unified_inventory_management, oracle:communications_webrtc_session_controller, oracle:data_integrator, oracle:database_server, oracle:demantra_demand_management, oracle:documaker, oracle:e-business_suite, oracle:enterprise_communications_broker, oracle:enterprise_data_quality, oracle:enterprise_manager_base_platform, oracle:enterprise_manager_ops_center, oracle:enterprise_session_border_controller, oracle:essbase, oracle:essbase_administration_services, oracle:financial_services_analytical_applications_infrastructure, oracle:financial_services_behavior_detection_platform, oracle:financial_services_enterprise_case_management, oracle:financial_services_foreign_account_tax_compliance_act_management, oracle:financial_services_model_management_and_governance, oracle:financial_services_trade-based_anti_money_laundering, oracle:flexcube_investor_servicing, oracle:flexcube_private_banking, oracle:fujitsu_m10-1, oracle:fujitsu_m10-1_firmware, oracle:fujitsu_m10-4, oracle:fujitsu_m10-4_firmware, oracle:fujitsu_m10-4s, oracle:fujitsu_m10-4s_firmware, oracle:fujitsu_m12-1, oracle:fujitsu_m12-1_firmware, oracle:fujitsu_m12-2, oracle:fujitsu_m12-2_firmware, oracle:fujitsu_m12-2s, oracle:fujitsu_m12-2s_firmware, oracle:fusion_middleware, oracle:fusion_middleware_mapviewer, oracle:goldengate, oracle:goldengate_application_adapters, oracle:graalvm, oracle:graph_server_and_client, oracle:health_sciences_clinical_development_analytics, oracle:health_sciences_inform_crf_submit, oracle:health_sciences_information_manager, oracle:healthcare_data_repository, oracle:healthcare_foundation, oracle:healthcare_translational_research, oracle:hospitality_cruise_shipboard_property_management_system, oracle:hospitality_opera_5_property_services, oracle:hospitality_reporting_and_analytics, oracle:hospitality_suite8, oracle:http_server, oracle:hyperion_financial_management, oracle:hyperion_ilearning, oracle:hyperion_infrastructure_technology, oracle:instantis_enterprisetrack, oracle:insurance_data_gateway, oracle:insurance_insbridge_rating_and_underwriting, oracle:insurance_policy_administration, oracle:insurance_policy_administration_j2ee, oracle:insurance_rules_palette, oracle:java_se, oracle:jd_edwards_enterpriseone_orchestrator, oracle:jdk, oracle:managed_file_transfer, oracle:mysql_cluster, oracle:mysql_connectors, oracle:mysql_server, oracle:mysql_workbench, oracle:nosql_database, oracle:oss_support_tools, oracle:peoplesoft_enterprise_cs_sa_integration_pack, oracle:peoplesoft_enterprise_people_tools, oracle:peoplesoft_enterprise_peopletools, oracle:policy_automation, oracle:primavera_analytics, oracle:primavera_data_warehouse, oracle:primavera_gateway, oracle:primavera_p6_enterprise_project_portfolio_management, oracle:primavera_p6_professional_project_management, oracle:primavera_portfolio_management, oracle:primavera_unifier, oracle:rapid_planning, oracle:real-time_decision_server, oracle:real_user_experience_insight, oracle:rest_data_services, oracle:retail_allocation, oracle:retail_analytics, oracle:retail_assortment_planning, oracle:retail_back_office, oracle:retail_central_office, oracle:retail_customer_insights, oracle:retail_customer_management_and_segmentation_foundation, oracle:retail_eftlink, oracle:retail_extract_transform_and_load, oracle:retail_financial_integration, oracle:retail_fiscal_management, oracle:retail_integration_bus, oracle:retail_invoice_matching, oracle:retail_merchandising_system, oracle:retail_order_broker, oracle:retail_order_management_system, oracle:retail_point-of-sale, oracle:retail_predictive_application_server, oracle:retail_price_management, oracle:retail_returns_management, oracle:retail_service_backbone, oracle:retail_size_profile_optimization, oracle:retail_xstore_point_of_service, oracle:sd-wan_aware, oracle:sd-wan_edge, oracle:secure_backup, oracle:siebel_applications, oracle:solaris, oracle:spatial_studio, oracle:thesaurus_management_system, oracle:timesten_in-memory_database, oracle:utilities_framework, oracle:utilities_testing_accelerator, oracle:vm_virtualbox, oracle:webcenter_portal, oracle:weblogic_server, oracle:zfs_storage_appliance_kit, oracle:zfs_storage_application_integration_engineering_software

redhat:enterprise_linux, redhat:fuse, redhat:hibernate_validator, redhat:jboss_data_grid, redhat:jboss_enterprise_application_platform, redhat:openshift_application_runtimes, redhat:single_sign-on

Weaknesses (CWE)

CWE-79

References

https://access.redhat.com/errata/RHSA-2020:0159 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0160 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0161 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0164 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2020:0445 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20220210-0024/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpujan2022.html (af854a3a-2127-422b-91ae-364da2661108)

IOC correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.