Improper Access Control Vulnerability in Odoo Enterprise Helpdesk App
CVE-2018-15640

8.1HIGH

Key Information:

Vendor: Odoo
Status: Odoo Enterprise
Vendor: CVE Published:; 9 April 2019

What is CVE-2018-15640?

The Helpdesk App in Odoo Enterprise versions 10.0 through 12.0 is afflicted by an improper access control vulnerability that enables remote, authenticated attackers to exploit a crafted request to achieve elevated privileges. This security flaw can significantly compromise the integrity and functionality of the affected applications, allowing unauthorized users to perform actions typically reserved for privileged accounts.

Affected Version(s)

Odoo Enterprise <= 12.0

Odoo Enterprise 10.0

References

https://github.com/odoo/odoo/issues/32514

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Aug 21, 2018