Lumension® Endpoint Intelligence Center

Flaws in OrientDB expose databases to remote attacks

2015/09/04

Securityweek - (International) The Computer Emergency Readiness Team (CERT) published an advisory warning of three vulnerabilities in OrientDB's Community Edition: a cross-site request forgery (CSRF) flaw affecting the Web administration interface, through which an attacker could perform actions with user privileges; an insufficient random value issue that could allow an attacker to gain administrative privileges to the database; and an improper input validation issue that could allow an attacker to create specially crafted pages to launch clickjacking attacks.

Source: http://www.securityweek.com/flaws-orientdb-expose-databases-remote-attacks

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:25:09