CVE-2020-25638 in WebLogic Serverinfo

Zusammenfassung (Englisch)

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

16.09.2020

Veröffentlichung

02.12.2020

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

IDSchwachstelleCWEAusMasCVE
226557Oracle WebLogic Server Core SQL Injection89Nicht definiertOffizieller FixCVE-2020-25638
197835Oracle Communications Cloud Native Core Console CNC Console SQL Injection89Nicht definiertOffizieller FixCVE-2020-25638
179228Oracle Retail Customer Management and Segmentation Foundation Hibernate SQL Injection89Nicht definiertOffizieller FixCVE-2020-25638
165532hibernate-core JPA Criteria API SQL Injection89Nicht definiertOffizieller FixCVE-2020-25638

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!