CVE-2019-11782
First published: Tue Dec 22 2020(Updated: )
Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.
Credit: security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | <=14.0 | |
| Odoo Odoo | <=14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-11782.
What is the title of this vulnerability?
The title of this vulnerability is "Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier allows remote authenticated users to modify user accounts, leading to privilege escalation."
What is the impact of this vulnerability?
This vulnerability allows remote authenticated users to modify user accounts, leading to privilege escalation.
Which software versions are affected by this vulnerability?
Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier are affected by this vulnerability.
How severe is this vulnerability?
This vulnerability has a severity rating of medium with a CVSS score of 6.5.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/14.0