CVE-2018-15632

CRITICAL

Odoo < 11.0 - Unauthenticated Database Initialization via Improper Input Validation


Description

Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows remote attackers to initialize an empty database to which they can connect with default credentials.

References (1)

Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/odoo/odoo/issues/63700

Scores

CVSS v3 9.1
EPSS 0.0117
EPSS Percentile 63.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-20
Status published
Products (1)
odoo/odoo < 11.0 (2 CPE variants)
Published Dec 22, 2020
Tracked Since Feb 18, 2026