Vulnerabilities > Orientdb

DATE CVE VULNERABILITY TITLE RISK
2017-07-20 CVE-2017-11467 Improper Privilege Management vulnerability in Orientdb
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
network
low complexity
orientdb CWE-269
critical
9.8
2015-12-31 CVE-2015-2918 Improper Input Validation vulnerability in Orientdb 2.0.14/2.1.0
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
network
orientdb CWE-20
4.3
2015-12-31 CVE-2015-2913 Information Exposure vulnerability in Orientdb 2.0.14/2.1.0
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
network
orientdb CWE-200
4.3
2015-12-31 CVE-2015-2912 Cross-Site Request Forgery (CSRF) vulnerability in Orientdb 2.0.14/2.1.0
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
network
orientdb CWE-352
6.8