PT-2019-9150 · Odoo+1 · Odoo Enterprise+1

Jérôme Maes

Published

2019-04-09

Updated

2021-02-08

CVE-2018-15640

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Odoo Enterprise versions 10.0 through 12.0

Description The issue is related to improper access control in the Helpdesk App, allowing remote authenticated attackers to gain elevated privileges by sending a crafted request.

Recommendations For Odoo Enterprise versions 10.0 through 12.0, update to a version that includes a fix for this issue to prevent exploitation.

Fix

Incorrect Authorization

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-284

Related Identifiers

ALT-PU-2021-1048

ALT-PU-2021-1236

CVE-2018-15640

Affected Products

Alt Linux

Odoo Enterprise

PT-2019-9150 · Odoo+1 · Odoo Enterprise+1

CVE-2018-15640

Weakness Enumeration

Related Identifiers

Affected Products

References · 3