IssueDescription: It was discovered that the implementation of org.hibernate.validator.util.ReflectionHelper, together with the permissions required to run Hibernate Validator under the Java Security Manager, could allow a malicious application deployed in the same application container to execute several actions with escalated privileges, which might otherwise not be possible. This flaw could be used to perform various attacks, including, but not restricted to, arbitrary code execution in systems that are otherwise secured by the Java Security Manager.
Upstream Issue: https://hibernate.atlassian.net/browse/HV-912
Victims Record: https://github.com/victims/victims-cve-db/blob/master/database/java/2014/3558.yaml
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.3.1 Via RHSA-2014:1288 https://rhn.redhat.com/errata/RHSA-2014-1288.html
This issue has been addressed in the following products: JBEAP 6.3.z for RHEL 7 Via RHSA-2014:1287 https://rhn.redhat.com/errata/RHSA-2014-1287.html
This issue has been addressed in the following products: JBEAP 6.3.z for RHEL 5 Via RHSA-2014:1286 https://rhn.redhat.com/errata/RHSA-2014-1286.html
This issue has been addressed in the following products: JBEAP 6.3.z for RHEL 6 Via RHSA-2014:1285 https://rhn.redhat.com/errata/RHSA-2014-1285.html
This issue has been addressed in the following products: JBoss Web Framework Kit 2.7.0 Via RHSA-2015:0125 https://rhn.redhat.com/errata/RHSA-2015-0125.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3 Via RHSA-2015:0235 https://rhn.redhat.com/errata/RHSA-2015-0235.html
This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3 Via RHSA-2015:0234 https://rhn.redhat.com/errata/RHSA-2015-0234.html
This issue has been addressed in the following products: Red Hat JBoss Fuse Service Works 6.0.0 Via RHSA-2015:0720 https://rhn.redhat.com/errata/RHSA-2015-0720.html