What is the severity of CVE-2019-14900?

CVE-2019-14900 is classified as a high-severity vulnerability due to the potential for SQL injection attacks.

How do I fix CVE-2019-14900?

To mitigate CVE-2019-14900, upgrade Hibernate ORM to version 5.3.18, 5.4.18, or 5.5.0.Beta1 or later.

What types of applications are affected by CVE-2019-14900?

CVE-2019-14900 affects applications that use Hibernate ORM versions prior to 5.3.18, 5.4.18, and 5.5.0.Beta1.

What causes CVE-2019-14900?

CVE-2019-14900 is caused by a SQL injection vulnerability in the JPA Criteria API implementation within Hibernate ORM.

Can I test if my application is vulnerable to CVE-2019-14900?

Yes, you can test for CVE-2019-14900 by checking if your application uses vulnerable versions of Hibernate ORM.

Vulnerability/
CVE-2019-14900

medium

6.5

CWE

15/1/2019

12/5/2020

6/7/2020

10/2/2022

5/8/2024

CVE-2019-14900: SQL Injection

First published: Tue Jan 15 2019(Updated: )

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Credit: secalert@redhat.com secalert@redhat.com

Remedy

There is no currently known mitigation for this flaw.

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2019-14900?
CVE-2019-14900 is classified as a high-severity vulnerability due to the potential for SQL injection attacks.
How do I fix CVE-2019-14900?
To mitigate CVE-2019-14900, upgrade Hibernate ORM to version 5.3.18, 5.4.18, or 5.5.0.Beta1 or later.
What types of applications are affected by CVE-2019-14900?
CVE-2019-14900 affects applications that use Hibernate ORM versions prior to 5.3.18, 5.4.18, and 5.5.0.Beta1.
What causes CVE-2019-14900?
CVE-2019-14900 is caused by a SQL injection vulnerability in the JPA Criteria API implementation within Hibernate ORM.
Can I test if my application is vulnerable to CVE-2019-14900?
Yes, you can test for CVE-2019-14900 by checking if your application uses vulnerable versions of Hibernate ORM.

collector/redhat-cve
agent/type
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-14900
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-8grg-q944-cch5
agent/description
agent/references
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/redhat
package-manager/maven
vendor/hibernate
canonical/hibernate orm
version/hibernate orm/5.4.0
vendor/redhat
canonical/red hat quarkus
canonical/red hat decision manager
version/red hat decision manager/7.0
canonical/red hat fuse
canonical/red hat jboss data grid
version/red hat jboss data grid/7.0.0
canonical/jboss enterprise application platform
canonical/red hat jboss middleware
canonical/red hat openstack for ibm power
version/red hat openstack for ibm power/10
version/red hat openstack for ibm power/13
version/red hat openstack for ibm power/14
canonical/red hat single sign-on
vendor/quarkus
version/red hat quarkus/1.5.2
version/jboss enterprise application platform/7.3
version/jboss enterprise application platform/7.4
canonical/red hat enterprise linux
version/red hat enterprise linux/8.0
version/red hat enterprise linux/7.0
version/red hat enterprise linux/6.0
version/jboss enterprise application platform/7.2