CVE-2018-14863
First published: Wed Jul 03 2019(Updated: )
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =11.0 | |
| Odoo Odoo | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-14863?
CVE-2018-14863 is a vulnerability in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 that allows authenticated users to call private functions via RPC.
How severe is CVE-2018-14863?
CVE-2018-14863 has a severity rating of 8.1 (high).
Which versions of Odoo are affected by CVE-2018-14863?
Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 are affected by CVE-2018-14863.
How can the incorrect access control vulnerability be exploited?
Authenticated users can exploit the incorrect access control vulnerability by calling private functions via RPC.
Is there a fix available for CVE-2018-14863?
It is recommended to update to the latest version of Odoo Community or Odoo Enterprise to fix CVE-2018-14863.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0
- version/odoo odoo/10.0
- version/odoo odoo/11.0