Description

The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

Remediation

References

https://www.kb.cert.org/vuls/id/845332

Related Vulnerabilities

CVE-2018-1000194 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2018-1047 Vulnerability in maven package org.wildfly:wildfly-undertow

CVE-2020-2220 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2019-10799 Vulnerability in npm package compile-sass

CVE-2020-9548 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory US Government Resource