CVE-2015-2913

Published: Dec 31, 2015Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.

Affected (2)

Products: Orientdb: Orientdb

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Orientdb Orientdb	Version 2.0.14
Orientdb Orientdb	Version 2.1.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104

Source: cret@cert.org

Vendor Advisory

https://www.kb.cert.org/vuls/id/845332

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.kb.cert.org/vuls/id/845332

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.