Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2021-21297 Vulnerability in npm package @node-red/runtime

CVE-2023-40338 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder

CVE-2020-7604 Vulnerability in npm package pulverizr

CVE-2015-9244 Vulnerability in npm package mysql

CVE-2015-5298 Vulnerability in maven package org.jenkins-ci.plugins:google-login

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource