Description
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
References
- Third Party Advisory, US Government Resource
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:orientdb:orientdb:2.0.14:*:*:*:community:*:*:*
cpe:2.3:a:orientdb:orientdb:2.1.0:*:*:*:community:*:*:*
EPSS
Percentile: 69%
0.00597
Low
CVSS3: 6.1 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 6.1
github
more than 7 years ago
OrientDB Studio web management interface is vulnerable to clickjacking attacks