Vulnerabilities
Vulnerable Software
Orientdb:  >> Orientdb  Security Vulnerabilities
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.749
Published
2017-07-20
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
CVSS Score
6.1
EPSS Score
0.004
Published
2015-12-31
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
CVSS Score
5.9
EPSS Score
0.006
Published
2015-12-31
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
CVSS Score
8.8
EPSS Score
0.003
Published
2015-12-31


Contact Us

Shodan ® - All rights reserved