High

DATE	CVE	VULNERABILITY TITLE	RISK
2015-12-31	CVE-2015-2912	Cross-Site Request Forgery (CSRF) vulnerability in Orientdb 2.0.14/2.1.0 The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request. network low complexity orientdb CWE-352	8.8