{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T21:20:58.844","vulnerabilities":[{"cve":{"id":"CVE-2018-15632","sourceIdentifier":"security@odoo.com","published":"2020-12-22T17:15:12.487","lastModified":"2024-11-21T03:51:11.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials."},{"lang":"es","value":"Una comprobación de entrada inapropiada en la lógica de creación de la base de datos en Odoo Community versiones 11.0 y anteriores y Odoo Enterprise versiones 11.0 y anteriores, permite a atacantes remotos inicializar una base de datos vacía en la que pueden conectarse con las credenciales predeterminadas"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}],"cvssMetricV30":[{"source":"security@odoo.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:C","baseScore":8.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":7.8,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@odoo.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"D9126A1A-FA35-4127-91B3-A3FA8B26FABB"},{"vulnerable":true,"criteria":"cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"11.0","matchCriteriaId":"9ACA123F-EF25-4E9D-8D60-4368B2F25FA0"}]}]}],"references":[{"url":"https://github.com/odoo/odoo/issues/63700","source":"security@odoo.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/odoo/odoo/issues/63700","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}