Vulnerabilities > Odoo > High

DATE CVE VULNERABILITY TITLE RISK
2019-07-03 CVE-2018-14863 Improper Access Control vulnerability in Odoo 10.0/11.0/9.0
Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.
network
low complexity
odoo CWE-284
8.1
8.1
2019-04-09 CVE-2018-15640 Incorrect Authorization vulnerability in Odoo 10.0/11.0/12.0
Improper access control in the Helpdesk App of Odoo Enterprise 10.0 through 12.0 allows remote authenticated attackers to obtain elevated privileges via a crafted request.
network
low complexity
odoo CWE-863
8.8
8.8
2017-07-04 CVE-2017-10805 Incorrect Authorization vulnerability in Odoo 10.0/8.0/9.0
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users.
network
low complexity
odoo CWE-863
8.8
8.8