PT-2015-5976 · Orientdb · Orientdb Server Community Edition

Raffaela Frank

Publicado

2015-12-31

Atualizado

2018-10-18

CVE-2015-2918

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OrientDB Server Community Edition versions 2.0.0 through 2.0.14 OrientDB Server Community Edition versions 2.1.x prior to 2.1.1

Description The issue allows remote attackers to conduct clickjacking attacks via a crafted web site, due to the Studio component not properly restricting use of FRAME elements.

Recommendations For OrientDB Server Community Edition versions 2.0.0 through 2.0.14, update to version 2.0.15 or later. For OrientDB Server Community Edition versions 2.1.x prior to 2.1.1, update to version 2.1.1 or later.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-2918

GHSA-G4GG-9F62-JFPH

Produtos afetados

Orientdb Server Community Edition

PT-2015-5976 · Orientdb · Orientdb Server Community Edition

CVE-2015-2918

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4