Vulnerability Details : CVE-2018-14868
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2018-14868
- cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
- cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14868
- EPSS score: 0.06% (probability of exploitation activity in the next 30 days)
- Percentile: ~25% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-14868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2018-14868
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-14868
- https://github.com/odoo/odoo/issues/32507
  [SEC] ODOO-SA-2018-08-07-7 (CVE-2018-14868) - Incorrect access control in the... · Issue #32507 · odoo/odoo · GitHub (Patch; Third Party Advisory)
- https://github.com/odoo/odoo/commits/master
  Commits · odoo/odoo · GitHub (Third Party Advisory)