CVE-2018-14863 — Improper Access Control in Odoo

CWE-284 — Improper Access Control3 documents3 sources

Severity

8.1HIGHNVD

EPSS

0.3%

top 42.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Odoo Debian Odoo

Timeline

PublishedJul 3

Latest updateMay 24

Description

Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDodoo/odoo10.0, 11.0, 9.0+2

▶debiandebian/odoo

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-f9mq-xv4h-v289: Incorrect access control in the RPC framework in Odoo Community 8↗2022-05-24

▶

📋Vendor Advisories

Debian

CVE-2018-14863: odoo - Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0...↗2018

▶