CVE-2017-11467

NONE EPSS 99.4%
Published Jul 20, 2017 (8y ago) · Modified Jun 17, 2026 (2w ago)

Description

OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.

Threat Intelligence

EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-269: Improper Privilege Management (Authorization)

Affected Products 1

Vendor     Product    Version  Range
orientdb   orientdb   *        ≤2.2.22

References 2

  • heavensec.org http://www.heavensec.org/?p=1703
    Exploit, Third Party Advisory, URL Repurposed
  • github.com https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.