server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote malicious users to predict a value by determining the internal state of the PRNG in this class.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
orientdb orientdb 2.1.0 |
||
orientdb orientdb 2.0.14 |