Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
orientdb vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2015-2912
The JSONP endpoint in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict callback values, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive info...
Orientdb Orientdb 2.1.0
Orientdb Orientdb
4.3
CVSSv2
CVE-2015-2913
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote...
Orientdb Orientdb 2.1.0
Orientdb Orientdb 2.0.14
4.3
CVSSv2
CVE-2015-2918
The Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Orientdb Orientdb 2.0.14
Orientdb Orientdb 2.1.0
10
CVSSv2
CVE-2017-11467
OrientDB up to and including 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote malicious users to execute arbitrary OS commands via a crafted request.
Orientdb Orientdb
1 EDB exploit
2 Github repositories
6.5
CVSSv2
CVE-2020-6230
SAP OrientDB, version 3.0, allows an authenticated attacker with script execute/write permissions to inject code that can be executed by the application and lead to Code Injection. An attacker could thereby control the behavior of the application.
Sap Orientdb 3.0
5
CVSSv2
CVE-2019-25021
An issue exists in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
Scytl Secure Vote 2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started