CVE-2017-10803
published 2017-07-04

Priority: P3 (39)
Severity: medium, 6.5 (CVSS 3.0)
Vector: AV:L / AC:L / PR:H / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.59% (88.0th percentile)

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
debian | odoo | |
odoo | odoo | |
odoo | odoo | |
odoo | odoo | |

CVSS provenance

nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 8.5 | HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C
vendor_debian | | 6.5 | LOW |