PT-2015-5976 · Orientdb · Orientdb Server Community Edition

Raffaela Frank

Published

2015-12-31

Updated

2018-10-18

CVE-2015-2918

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OrientDB Server Community Edition versions 2.0.0 through 2.0.14 OrientDB Server Community Edition versions 2.1.x prior to 2.1.1

Description The issue allows remote attackers to conduct clickjacking attacks via a crafted web site, due to the Studio component not properly restricting use of FRAME elements.

Recommendations For OrientDB Server Community Edition versions 2.0.0 through 2.0.14, update to version 2.0.15 or later. For OrientDB Server Community Edition versions 2.1.x prior to 2.1.1, update to version 2.1.1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2015-2918

GHSA-G4GG-9F62-JFPH

Affected Products

Orientdb Server Community Edition

PT-2015-5976 · Orientdb · Orientdb Server Community Edition

CVE-2015-2918

Weakness Enumeration

Related Identifiers

Affected Products

References · 4