CVE-2018-14887

Published: Jun 28, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

Exploitability: 2.2 / Impact: 4.2

Source: NVD

Description

Improper Host header sanitization in the dbfilter routing component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows a remote attacker to deny access to the service and to disclose database names via a crafted request.

Affected (6)

Products: Odoo: Odoo

Odoo

1 product

Odoo

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Odoo Odoo	Version 10.0
Odoo Odoo	Version 10.0
Odoo Odoo	Version 11.0
Odoo Odoo	Version 11.0
Odoo Odoo	Version 9.0
Odoo Odoo	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

https://github.com/odoo/odoo/commits/master

Source: cve@mitre.org

Third Party Advisory

https://github.com/odoo/odoo/issues/32511

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://github.com/odoo/odoo/commits/master

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/odoo/odoo/issues/32511

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.