CVE-2019-11780

{"id": "CVE-2019-11780", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security@odoo.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2019-12-19T16:16:42.370", "references": [{"url": "https://github.com/odoo/odoo/issues/42196", "tags": ["Patch", "Third Party Advisory"], "source": "security@odoo.com"}, {"url": "https://github.com/odoo/odoo/issues/42196", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@odoo.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation."}, {"lang": "es", "value": "Un control de acceso inapropiado en el sistema de campos computarizados del framework de Odoo Community versi\u00f3n 13.0 y Odoo Enterprise versi\u00f3n 13.0, permite a atacantes autenticados remotos acceder a informaci\u00f3n confidencial por medio de peticiones RPC dise\u00f1adas, lo que podr\u00eda conllevar a una escalada de privilegios."}], "lastModified": "2024-11-21T04:21:46.750", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:odoo:odoo:13.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "4CE8B4A3-0EA3-4813-A511-16FB7D2B06AF"}, {"criteria": "cpe:2.3:a:odoo:odoo:13.0:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDB70FB-2B58-42B4-96CB-D8C8C152A6A7"}], "operator": "OR"}]}], "sourceIdentifier": "security@odoo.com"}