CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11467

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.749

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2017-11467

Orientdb » Orientdb » Version: 2.0.14

cpe:2.3:a:orientdb:orientdb:2.0.14
Orientdb » Orientdb » Version: 2.1.0

cpe:2.3:a:orientdb:orientdb:2.1.0
Orientdb » Orientdb » Version: 2.2.15

cpe:2.3:a:orientdb:orientdb:2.2.15
Orientdb » Orientdb » Version: 2.2.16

cpe:2.3:a:orientdb:orientdb:2.2.16
Orientdb » Orientdb » Version: 2.2.17

cpe:2.3:a:orientdb:orientdb:2.2.17
Orientdb » Orientdb » Version: 2.2.18

cpe:2.3:a:orientdb:orientdb:2.2.18
Orientdb » Orientdb » Version: 2.2.19

cpe:2.3:a:orientdb:orientdb:2.2.19
Orientdb » Orientdb » Version: 2.2.20

cpe:2.3:a:orientdb:orientdb:2.2.20
Orientdb » Orientdb » Version: 2.2.21

cpe:2.3:a:orientdb:orientdb:2.2.21
Orientdb » Orientdb » Version: 2.2.22

cpe:2.3:a:orientdb:orientdb:2.2.22

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11467

Products

Pricing

Contact Us