CVE-2017-11467
NONE EPSS 99.4%
Published Jul 20, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.
Threat Intelligence
EPSS Exploit Probability
99.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-269 Improper Privilege Management Authorization
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| orientdb | orientdb | * | ≤2.2.22 |
References 2
- heavensec.org http://www.heavensec.org/?p=1703
- github.com https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#2223---july-11-2017
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.