What is CVE-2015-2912?

CVE-2015-2912 is a high-severity vulnerability in Orientdb, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2015-12-31.

How severe is CVE-2015-2912?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2015-2912 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

CSRF in Orientdb

CVE-2015-2912

The JSONP endpoint in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict callback values, which allows remote attackers to conduct cross-site request forgery (CSRF) att…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.002 (44.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Orientdb — versions 2.1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

VU#845332 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-2912?: CVE-2015-2912 is a high-severity vulnerability in Orientdb, classified under Cross-Site Request Forgery (CSRF). CVSS score: 8.8/10. Published 2015-12-31.
How severe is CVE-2015-2912?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2015-2912 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.