{"id":"CVE-2019-14900","details":"A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.","aliases":["GHSA-8grg-q944-cch5"],"modified":"2026-05-15T12:03:42.732102481Z","published":"2020-07-06T19:15:12.230Z","related":["SUSE-SU-2020:2650-1","SUSE-SU-2020:2832-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"vendor_product":"redhat:decision_manager","cpes":["cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*"]},{"source":"CPE_FIELD","extracted_events":[{"fixed":"7.8.0"}],"vendor_product":"redhat:fuse","cpes":["cpe:2.3:a:redhat:fuse:*:*:*:*:*:*:*:*"]},{"cpes":["cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.0.0"}],"vendor_product":"redhat:jboss_data_grid","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*","cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"7.3"},{"last_affected":"7.4"},{"last_affected":"7.3"},{"last_affected":"7.4"},{"last_affected":"7.3"},{"last_affected":"7.2"},{"last_affected":"7.2"},{"last_affected":"7.2"}],"vendor_product":"redhat:jboss_enterprise_application_platform","source":"CPE_FIELD"},{"cpes":["cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*","cpe:2.3:a:redhat:openstack:14:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10"},{"last_affected":"13"},{"last_affected":"14"}],"vendor_product":"redhat:openstack","source":"CPE_FIELD"}]},"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220210-0020/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1666499"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}