CVE-2018-14885 — Improper Access Control in Odoo

CWE-284 — Improper Access Control3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 27.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Odoo Debian Odoo

Timeline

PublishedJun 28

Latest updateMay 24

Description

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the super-admin password. An arbitrary password succeeds.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDodoo/odoo10.0, 11.0+1

▶debiandebian/odoo

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-w5g8-x3j9-hg74: Incorrect access control in the database manager component in Odoo Community 10↗2022-05-24

▶

📋Vendor Advisories

Debian

CVE-2018-14885: odoo - Incorrect access control in the database manager component in Odoo Community 10....↗2018

▶