// For flags

CVE-2017-10803

Odoo CRM 10.0 - Code Execution

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.

En Odoo versión 8.0, Odoo Community Edition versiones 9.0 y 10.0, y Odoo Enterprise Edition versiones 9.0 y 10.0, el manejo no seguro de datos de anonimización en el módulo de Anonimización de Base de Datos permite que los usuarios privilegiados identificados remotos ejecuiten código Python arbitrario, porque es utilizado unpickle.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-30 First Exploit
  • 2017-07-03 CVE Reserved
  • 2017-07-04 CVE Published
  • 2023-11-19 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Odoo
Search vendor "Odoo"
Odoo
Search vendor "Odoo" for product "Odoo"
8.0
Search vendor "Odoo" for product "Odoo" and version "8.0"
-
Affected
Odoo
Search vendor "Odoo"
Odoo
Search vendor "Odoo" for product "Odoo"
9.0
Search vendor "Odoo" for product "Odoo" and version "9.0"
community
Affected
Odoo
Search vendor "Odoo"
Odoo
Search vendor "Odoo" for product "Odoo"
9.0
Search vendor "Odoo" for product "Odoo" and version "9.0"
enterprise
Affected
Odoo
Search vendor "Odoo"
Odoo
Search vendor "Odoo" for product "Odoo"
10.0
Search vendor "Odoo" for product "Odoo" and version "10.0"
community
Affected
Odoo
Search vendor "Odoo"
Odoo
Search vendor "Odoo" for product "Odoo"
10.0
Search vendor "Odoo" for product "Odoo" and version "10.0"
enterprise
Affected