Home > Vulnerability Database > CVE-2017-10803

Mend.io Vulnerability Database

CVE-2017-10803

Date: July 4, 2017

In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.

Language: JS

Severity Score

6.5

Related Resources (3)

Url: https://github.com/odoo/odoo/issues/17898

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-10803

Url: https://www.mend.io/vulnerability-database/CVE-2017-10803

Severity Score

6.5

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3

Base Score:	6.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	8.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-10803

Date: July 4, 2017

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3

CVSS v2

Do you need more information?