CVE-2018-15632: Input Validation
First published: Tue Dec 22 2020(Updated: )
Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials.
Credit: security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | <=11.0 | |
| Odoo Odoo | <=11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-15632?
CVE-2018-15632 is a vulnerability in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier that allows remote attackers to initialize an empty database.
How severe is CVE-2018-15632?
CVE-2018-15632 has a severity rating of 9.1, which is considered critical.
What is the impacted software for CVE-2018-15632?
The impacted software for CVE-2018-15632 is Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier.
How can remote attackers exploit CVE-2018-15632?
Remote attackers can exploit CVE-2018-15632 to initialize an empty database on which they can connect with default credentials.
Is there a fix available for CVE-2018-15632?
Yes, a fix is available for CVE-2018-15632. Users should update their Odoo installation to a version that includes the fix.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/description
- agent/weakness
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/11.0