CVE-2015-2912
Description
The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted HTTP request.
Risk Information
Base Score: 8.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.343
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-2918,CVE-2015-2912 are fixed in Orientechnologies - orientdb-studio 2.0.15 | Windows |
| Vulnerabilities CVE-2015-2918,CVE-2015-2912 are fixed in Orientechnologies - orientdb-studio 2.1.1 | Windows |
| Vulnerabilities CVE-2015-2918,CVE-2015-2912 are fixed in Orientechnologies - orientdb-studio for Linux 2.0.15 | Linux |
| Vulnerabilities CVE-2015-2918,CVE-2015-2912 are fixed in Orientechnologies - orientdb-studio for Linux 2.1.1 | Linux |
Patch Details
No records found