Improper input validation in Odoo Community
CVE-2018-15632
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.006 (69.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H.
Affected products
- Odoo Community — versions unspecified
- Odoo Enterprise — versions unspecified
Weakness classification (CWE)
References
- github.com/odoo/odoo/issues/63700 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-15632?
- CVE-2018-15632 is a high-severity vulnerability in Odoo Community, classified under Improper Input Validation. CVSS score: 8.2/10. Published 2020-12-22.
- How severe is CVE-2018-15632?
- High severity. CVSS v3 base score is 8.2 out of 10.