CVE-2018-14862
First published: Wed Jul 03 2019(Updated: )
Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a crafted RPC request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =11.0 | |
| Odoo Odoo | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-14862?
CVE-2018-14862 is a vulnerability in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier that allows authenticated internal users to delete arbitrary menuitems.
How can this vulnerability be exploited?
This vulnerability can be exploited by authenticated internal users who can send a crafted RPC request to delete arbitrary menuitems.
What is the severity of CVE-2018-14862?
The severity of CVE-2018-14862 is medium with a score of 6.5.
Which versions of Odoo are affected by this vulnerability?
Odoo Community 11.0 and earlier, as well as Odoo Enterprise 11.0 and earlier, are affected by this vulnerability.
Is there a fix available for CVE-2018-14862?
Yes, it is recommended to upgrade to a fixed version of Odoo to mitigate this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0
- version/odoo odoo/10.0
- version/odoo odoo/11.0