com.orientechnologies:orientdb-community (=2.1.0), com.orientechnologies:orientdb-distributed (=2.1.0) +4 more potentially affected by CVE-2015-2913 via com.orientechnologies:orientdb-server (=2.1.0)

com.orientechnologies:orientdb-server MAVEN version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.orientechnologies:orientdb-server and may be impacted: - com.orientechnologies:orientdb-community =2.1.0 -...

com.orientechnologies:orientdb (>=1.0 <=1.5.1), com.orientechnologies:orientdb-community (>=1.6.5 <=2.0.14) +17 more potentially affected by CVE-2015-2913 via com.orientechnologies:orientdb-server (>=1.0 <=2.0.14)

com.orientechnologies:orientdb-server MAVEN version =1.0, =1.0, =1.6.5, =1.1.0, =2.0, =1.1.0, =2.0, =1.7, =1.0, =0.1.17, =0.2.14 - org.ops4j.orient.samples:orient-sample1 =0.3.0 - org.ops4j.orient.samples:orient-sample2 =0.3.0 - org.ops4j.orient:orient-ra =0.3.0 - org.ops4j.orient:orient-ra-api...

CVE-2015-2913

OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 is affected by CVE-2015-2913 due to using java.util.Random for Session ID generation in server/network/protocol/http/OHttpSessionManager.java, which can allow remote attackers to predict session IDs. The issue is documente...