Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2021-91632
HistoryNov 19, 2021 - 12:00 a.m.

ArangoDB Command Execution Vulnerability

2021-11-1900:00:00
China National Vulnerability Database
www.cnvd.org.cn
10

0.001 Low

EPSS

Percentile

42.9%

JSON

ArangoDB is a native multi-model database with both key/value key/value pairs, graph and document data models, providing a unified database query language covering all three data models and allowing a mix of all three models in a single query. vulnerability that is susceptible to Insufficient Session Expiration, where a session does not expire when an administrator changes a user’s password, allowing a malicious user to still log in and perform arbitrary actions within the system. An attacker can successfully exploit this vulnerability to execute arbitrary commands.

CPENameOperatorVersion
ArangoDB ArangoDB >=3.7.6,le3.8.3

Related

cve 1
osv 1
cvelist 1
prion 1
nvd 1
cve
cve
CVE-2021-25940
2021-11-16 10:15:06
osv
osv
CVE-2021-25940
2021-11-16 10:15:06
cvelist
cvelist
CVE-2021-25940 ArangoDB - Insufficient Session Expiration after Password Change
2021-11-16 09:25:09
prion
prion
Session fixation
2021-11-16 10:15:00
nvd
nvd
CVE-2021-25940
2021-11-16 10:15:06

0.001 Low

EPSS

Percentile

42.9%

JSON
Related for CNVD-2021-91632
cve1osv1cvelist1prion1nvd1