Lucene search

[email protected]NVD:CVE-2018-15632

HistoryDec 22, 2020 - 5:15 p.m.

CVE-2018-15632

2020-12-2217:15:12

CWE-20

[email protected]

web.nvd.nist.gov

input validation

database creation

remote attackers

default credentials

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.

Affected configurations

Nvd

Node

odooodooRange≤11.0community

odooodooRange≤11.0enterprise

VendorProductVersionCPE
odooodoo*cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*
odooodoo*cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
odoo	odoo	*	cpe:2.3:a:odoo:odoo:::::community:::*
odoo	odoo	*	cpe:2.3:a:odoo:odoo:::::enterprise:::*

References

github.com/odoo/odoo/issues/63700

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Related for NVD:CVE-2018-15632

cve1 debiancve1 prion1 ubuntucve1 cvelist1