Information disclosure in Orientdb
CVE-2015-2913
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID val…
Vulnerability class: Information Disclosure
EPSS: 0.005 (66.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Orientdb — versions 2.0.14, 2.1.0
- N/a — versions n/a
Weakness classification (CWE)
References
- VU#845332 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)
- cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2015-2913?
- CVE-2015-2913 is a medium-severity vulnerability in Orientdb, classified under Information Disclosure. CVSS score: 5.9/10. Published 2015-12-31.
- How severe is CVE-2015-2913?
- Medium severity. CVSS v3 base score is 5.9 out of 10.