CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-2913

server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.1%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104
https://www.kb.cert.org/vuls/id/845332
https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104
https://www.kb.cert.org/vuls/id/845332

Products affected by CVE-2015-2913

Orientdb » Orientdb » Version: 2.0.14

cpe:2.3:a:orientdb:orientdb:2.0.14
Orientdb » Orientdb » Version: 2.1.0

cpe:2.3:a:orientdb:orientdb:2.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-2913

Products

Pricing

Contact Us