Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2019-1003075 Vulnerability in maven package org.jenkins-ci.plugins:audit2db

CVE-2023-5654 Vulnerability in npm package react-devtools-core

CVE-2019-19771 Vulnerability in npm package bp66

CVE-2022-24375 Vulnerability in npm package node-opcua

CVE-2019-9737 Vulnerability in maven package org.webjars.bower:editor.md

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource