CVE-2015-2918

Published: Dec 31, 2015Modified: May 6, 2026

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Affected (2)

Products: Orientdb: Orientdb

Orientdb

1 product

Orientdb

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Orientdb Orientdb	Version 2.0.14
Orientdb Orientdb	Version 2.1.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://www.kb.cert.org/vuls/id/845332

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

https://www.kb.cert.org/vuls/id/845332

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.