Name of the Vulnerable Software and Affected Versions Tryton versions 4.2 through 4.2.20 Tryton versions 4.4 through 4.4.18 Tryton versions 4.6 through 4.6.13 Tryton versions 4.8 through 4.8.9 Tryton versions 5.0 through 5.0.5

Description The issue allows an authenticated user to order records based on a field for which they have no access right, potentially enabling them to guess values.

Recommendations For Tryton versions 4.2 through 4.2.20, update to version 4.2.21 or later. For Tryton versions 4.4 through 4.4.18, update to version 4.4.19 or later. For Tryton versions 4.6 through 4.6.13, update to version 4.6.14 or later. For Tryton versions 4.8 through 4.8.9, update to version 4.8.10 or later. For Tryton versions 5.0 through 5.0.5, update to version 5.0.6 or later.