Published: 20/07/2017 Updated: 14/02/2024

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

OrientDB up to and including 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote malicious users to execute arbitrary OS commands via a crafted request.

Vulnerable Product	Search on Vulmon	Subscribe to Product
orientdb orientdb

## Vulnerability Summary The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product The first and best scalable, high-performance, operational NoSQL database ## Credit An i ...

Firewall The firewall consists of two components: kernelspace (in C) and userspace (in Python) It operates transparently between the client and server, structured as follows: Client <--> Proxy (as Server) <--> Proxy (as Client) <--> Server Kernelspace The kernelspace program is intended to be a module in the Linux kernel, communicating

CWE-269 https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017 http://www.heavensec.org/?p=1703 https://nvd.nist.gov https://github.com/eyal6699/Firewall https://www.exploit-db.com/exploits/44068/

CVE-2017-11467

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect