CVE-2018-14868
MEDIUM
Odoo 9.0 - Authenticated Password Change via RPC Call
Title source: llm
Description
Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current password via a crafted RPC call.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://github.com/odoo/odoo/commits/master
Patch, Third Party Advisory x_refsource_confirm
https://github.com/odoo/odoo/issues/32507
Scores
CVSS v3
6.5
EPSS
0.0060
EPSS Percentile
44.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (1)
odoo/odoo
9.0 (2 CPE variants)
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026