Improper Input Validation in Odoo Community and Enterprise by Odoo
CVE-2018-15632

8.2 HIGH

Key Information:

Vendor: Odoo

CVE Published: 22 December 2020

What is CVE-2018-15632?

The vulnerability stems from insufficient input validation in the database creation logic used in both Odoo Community 11.0 and Odoo Enterprise 11.0. A remote attacker can initialize an empty database and then access it with default credentials. Such unauthorized access could lead to further compromise, which is why strict validation in the database creation path matters for database integrity.

Affected Version(s)

Odoo Community <= 11.0

Odoo Enterprise <= 11.0

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

P. Valov (SoCyber)