Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2019-10788 Vulnerability in npm package im-metadata

CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass

CVE-2019-11003 Vulnerability in maven package org.webjars.npm:materialize-css

CVE-2019-16943 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2023-37948 Vulnerability in maven package org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource