OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random
class for generation of random Session ID values in the server/network/protocol/http/OHttpSessionManager.java
, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.