| |
Vulnerability CVE-2015-0861
Published: 2016-04-13
Description: |
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. |
Type:
CWE-264 (Permissions, Privileges, and Access Controls)
CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4/10 |
2.9/10 |
8/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
Single time |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://www.debian.org/security/2015/dsa-3425
http://www.tryton.org/posts/security-release-for-issue5167.html
https://bugs.tryton.org/issue5167
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|