Lucene search

Ubuntu.comUB:CVE-2018-15632

HistoryDec 22, 2020 - 12:00 a.m.

CVE-2018-15632

2020-12-2200:00:00

ubuntu.com

input validation

database creation

remote attackers

default credentials

unix

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.002

Percentile

60.4%

JSON

Improper input validation in database creation logic in Odoo Community 11.0
and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers
to initialize an empty database on which they can connect with default
credentials.

References

github.com/odoo/odoo/issues/63700

launchpad.net/bugs/cve/CVE-2018-15632

nvd.nist.gov/vuln/detail/CVE-2018-15632

security-tracker.debian.org/tracker/CVE-2018-15632

www.cve.org/CVERecord?id=CVE-2018-15632

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.002

Percentile

60.4%

JSON

Related for UB:CVE-2018-15632