CVE-2018-14887 — Improper Input Validation in Odoo

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 37.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Odoo Debian Odoo

Timeline

PublishedJun 28

Latest updateMay 24

Description

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 2.2 | Impact: 4.2

Affected Packages2 packages

▶NVDodoo/odoo10.0, 11.0, 9.0+2

▶debiandebian/odoo

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-9c74-22fq-7f39: Improper Host header sanitization in the dbfilter routing component in Odoo Community 11↗2022-05-24

▶

📋Vendor Advisories

Debian

CVE-2018-14887: odoo - Improper Host header sanitization in the dbfilter routing component in Odoo Comm...↗2018

▶