Medium severity5.9NVD Advisory· Published Dec 31, 2015· Updated Jun 17, 2026
CVE-2015-2913
CVE-2015-2913
Description
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.orientechnologies:orientdb-serverMaven | < 2.0.15 | 2.0.15 |
com.orientechnologies:orientdb-serverMaven | >= 2.1.0, < 2.1.1 | 2.1.1 |
Affected products
3Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-v6wr-fch2-vm5wghsaADVISORY
- github.com/orientechnologies/orientdb/commit/668ece96be210e742a4e2820a3085b215cf55104nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-2913ghsaADVISORY
- www.kb.cert.org/vuls/id/845332nvdThird Party AdvisoryUS Government ResourceWEB
News mentions
0No linked articles in our index yet.