CVE-2017-11467 – com.orientechnologies:orientdb-core
Package
Manager: maven
Name: com.orientechnologies:orientdb-core
Vulnerable Version: >=0 <2.2.23
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.74861 (percentile: 0.98826)
Details
OrientDB vulnerable to Improper Privilege Management leading to arbitrary command injection.
OrientDB through 2.2.22 does not enforce privilege requirements during "where", "fetchplan", or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
Metadata
Created: 2018-10-18T17:40:56Z
Modified: 2024-02-20T16:27:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-xm6r-4466-mr74/GHSA-xm6r-4466-mr74.json
CWE IDs: ["CWE-269"]
Alternative ID: GHSA-xm6r-4466-mr74
Finding: F159
Auto approve: 1