CVE-2018-14868
First published: Fri Jun 28 2019(Updated: )
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | =9.0 | |
| Odoo Odoo | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2018-14868?
CVE-2018-14868 is a vulnerability in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 that allows authenticated users to change the password of other users without knowing their current password.
What is the severity of CVE-2018-14868?
The severity of CVE-2018-14868 is medium.
How can authenticated users exploit CVE-2018-14868?
Authenticated users can exploit CVE-2018-14868 by making a crafted RPC call to change the password of other users without knowing their current password.
Which software versions are affected by CVE-2018-14868?
CVE-2018-14868 affects Odoo Community 9.0 and Odoo Enterprise 9.0.
Is there a fix available for CVE-2018-14868?
Yes, a fix for CVE-2018-14868 is available. It is recommended to update to the latest version of Odoo Community or Odoo Enterprise to mitigate the vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/9.0