PT-2017-2829 · Orientdb · Orientdb

Published: 2017-06-19 · Updated: 2024-02-14 · CVE-2017-11467

CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OrientDB versions up to and including 2.2.22 (the CVE-2017-11467 description gives the range as "through 2.2.22"; the issue is fixed in 2.2.23).

Description
The issue is insufficient access control in query processing: OrientDB does not enforce the required privileges when a request uses a where clause, a fetch plan (fetchplan), or order by. A remote attacker can use a crafted request to execute arbitrary OS commands on the server. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents in which this issue was exploited.

Recommendations
Update OrientDB to 2.2.23 or later, where privilege requirements are enforced for where, fetchplan and order by. Until the upgrade is applied, reduce exposure as a temporary workaround: restrict network access to the OrientDB server interfaces to trusted hosts and limit which accounts may submit queries, so that untrusted clients cannot reach the affected query paths.
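A version-triage helper, added here as an example (it is not part of this advisory or of the OrientDB project), that decides whether a reported OrientDB version falls in the affected range stated above. It assumes the version string is obtained from your own inventory (package manifest or server startup banner); the sample versions in the block are constructed. The comparison is numeric, because a lexical comparison ranks 2.2.3 above 2.2.22 and would miss affected builds; a pre-release build whose base version is above 2.2.22 (for example 2.2.23-SNAPSHOT) is flagged for manual verification, since the version string alone does not say whether it predates the fix.

```python
"""Affected-version check for CVE-2017-11467 (OrientDB through 2.2.22).

Added example, not part of the advisory or of the OrientDB project.
The version string is assumed to come from your own inventory; the
values used at the bottom are constructed samples.
"""
import re
from typing import Iterable, Dict, Optional, Tuple

# Highest affected release per the CVE-2017-11467 description ("through 2.2.22").
LAST_AFFECTED = (2, 2, 22)

# MAJOR.MINOR.PATCH with an optional qualifier such as "-SNAPSHOT" or "-rc1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]?([0-9A-Za-z.]+))?$")


def parse_version(text: str) -> Optional[Tuple[int, int, int, str]]:
    """Parse 'MAJOR.MINOR.PATCH[-qualifier]' into numeric parts plus qualifier.

    Numeric parts are returned as ints so callers compare them numerically:
    a string compare would rank '2.2.3' above '2.2.22' and mark an affected
    build as safe. Returns None for anything that does not look like a version.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4) or ""


def is_affected(version: str) -> Optional[bool]:
    """True if inside the affected range, False if above it, None if unknown.

    None means "verify manually": either the string is not parseable, or it is
    a pre-release build of a version above 2.2.22 (e.g. 2.2.23-SNAPSHOT), which
    may have been cut before the fix landed.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch, qualifier = parsed
    core = (major, minor, patch)
    if core <= LAST_AFFECTED:
        # Everything through 2.2.22 is affected, pre-release builds included.
        return True
    if qualifier:
        # Above 2.2.22 but not a final release: cannot tell from the version alone.
        return None
    return False


def triage(versions: Iterable[str]) -> Dict[str, str]:
    """Map each version string to 'AFFECTED', 'NOT AFFECTED' or 'VERIFY MANUALLY'."""
    labels = {True: "AFFECTED", False: "NOT AFFECTED", None: "VERIFY MANUALLY"}
    return {v: labels[is_affected(v)] for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real deployment.
    sample = ["2.2.3", "2.2.22", "2.2.22-SNAPSHOT", "2.2.23", "2.2.23-SNAPSHOT", "3.0.0", "unknown"]
    for ver, verdict in triage(sample).items():
        print(f"{ver:>16}: {verdict}")
```

Treat a "VERIFY MANUALLY" result as affected until proven otherwise; the conservative default matters because the vector above is network-reachable with no privileges required.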

Exploit

Fix

Weakness Enumeration

Improper Privilege Management (CWE-269)

Related Identifiers

BDU:2017-02109
CVE-2017-11467
GHSA-XM6R-4466-MR74

Affected Products

Orientdb