SSD Advisory – OrientDB Code Execution
From the webpage:
Want to get paid for a vulnerability similar to this one?
Contact us at: ssd@beyondsecurity.com
Vulnerability Summary
The following advisory reports a vulnerability in OrientDB which allows users of the product to cause it to execute code.
OrientDB is a Distributed Graph Database engine with the flexibility of a Document Database all in one product. The first and best scalable, high-performance, operational NoSQL database.
Credit
An independent security researcher, Francis Alexander, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
The vendor has released patches to address this vulnerability.
For more information: https://github.com/orientechnologies/orientdb/wiki/OrientDB-2.2-Release-Notes#security.
…
Some vulnerabilities require deep code analysis; others, well, just asking the right questions.
If you are looking for summer pocket change, check out default users, permissions, etc. on popular software.