CVE-2015-2918 – com.orientechnologies:orientdb-studio
Package
Manager: maven
Name: com.orientechnologies:orientdb-studio
Vulnerable Version: >=0 <2.0.15 || =2.1.0 || >=2.1.0 <2.1.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00438 (percentile 0.62215)
Details
OrientDB Studio web management interface is vulnerable to clickjacking attacks. The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
Metadata
Created: 2018-10-18T17:41:40Z
Modified: 2023-09-29T11:39:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-g4gg-9f62-jfph/GHSA-g4gg-9f62-jfph.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-g4gg-9f62-jfph
Finding: F184
Auto approve: 1