CVE-2019-14900

MEDIUM

Redhat Openstack < 5.3.18 - SQL Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-14900. PoCs published by shanika04.

AI-analyzed exploit summary: This repository appears to be a fork of the Hibernate ORM project with no exploit-specific code or analysis for CVE-2019-14900. It contains standard project files like .travis.yml, CONTRIBUTING.md, and README.md, but no PoC, scanner, or technical writeup related to the vulnerability.

Description

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Exploits (1)

nomisec STUB
by shanika04 · poc
https://github.com/shanika04/hibernate-orm


Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Hibernate ORM
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (3)

Core References
Issue Tracking, Third Party Advisory (x_refsource_misc)
https://bugzilla.redhat.com/show_bug.cgi?id=1666499
Third Party Advisory (x_refsource_confirm)
https://security.netapp.com/advisory/ntap-20220210-0020/

Scores

CVSS v3 6.5
EPSS 0.0170
EPSS Percentile 82.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (16)
hibernate/hibernate_orm < 5.3.18
org.hibernate/hibernate-core 0 - 5.3.18 (Maven)
quarkus/quarkus < 1.5.2
redhat/build_of_quarkus
redhat/decision_manager 7.0
redhat/fuse < 7.8.0
redhat/jboss_data_grid 7.0.0
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform 7.3
redhat/jboss_enterprise_application_platform 7.4
... and 6 more
Published Jul 06, 2020
Tracked Since Feb 18, 2026