CVE-2018-14864
First published: Wed Jul 03 2019(Updated: )
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =8.0 | |
| Odoo Odoo | =8.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =10.0 | |
| Odoo Odoo | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2018-14864.
What is the severity level of CVE-2018-14864?
The severity level of CVE-2018-14864 is medium.
How does CVE-2018-14864 work?
CVE-2018-14864 allows remote authenticated users to inject arbitrary web script via a crafted attachment in Odoo.
Which versions of Odoo are affected by CVE-2018-14864?
Odoo Community 9.0 through 11.0 and earlier, and Odoo Enterprise 9.0 through 11.0 and earlier are affected by CVE-2018-14864.
Is there a fix for CVE-2018-14864?
Yes, a fix for CVE-2018-14864 is available. Please refer to the reference link for more information.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/8.0
- version/odoo odoo/9.0
- version/odoo odoo/10.0