Description
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.
References
- Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
- Patch, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:odoo:odoo:9.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:9.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:community:*:*:*
cpe:2.3:a:odoo:odoo:10.0:*:*:*:enterprise:*:*:*
EPSS: 0.00258 (Low), percentile: 49%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 5.3
debian
more than 6 years ago
Incorrect access control in the portal messaging system in Odoo Commun ...
CVSS3: 5.3
github
more than 3 years ago
Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess document attribute values, via crafted parameters.