CVE-2015-2918

{"id": "CVE-2015-2918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2015-12-31T05:59:10.440", "references": [{"url": "https://www.kb.cert.org/vuls/id/845332", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.kb.cert.org/vuls/id/845332", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site."}, {"lang": "es", "value": "El componente Studio en OrientDB Server Community Edition en versiones anteriores a 2.0.15 y 2.1.x en versiones anteriores a 2.1.1 no restringe correctamente el uso de elementos FRAME, lo que hace m\u00e1s f\u00e1cil para atacantes remotos llevar a cabo ataques de clickjacking a trav\u00e9s de un sitio web manipulado."}], "lastModified": "2024-11-21T02:28:19.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:orientdb:orientdb:2.0.14:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "6D3EEB60-F819-4F15-962C-06DDA45896E9"}, {"criteria": "cpe:2.3:a:orientdb:orientdb:2.1.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C913E0D2-2E28-4BB6-957C-9832193C3FB4"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}