Odoo Database Manager Detected

medium Web App Scanning Plugin ID 114371

Synopsis

Odoo Database Manager Detected

Description

Odoo is a popular open-source ERP and CRM platform. Odoo includes a database manager that lets administrators perform management operations on their Odoo databases through a web interface. When exposed, this web interface can help an attacker brute-force weak master passwords and conduct advanced attacks against the target Odoo instance.

Solution

Disable the Odoo Database Manager. If public access is still required for some users, ensure that access to the database manager requires proper authentication or is restricted by IP address access control.
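The following is an added example, not part of the plugin or of Odoo's own code: a small audit of an `odoo.conf` file that flags an enabled database manager and a weak or plaintext master password. It assumes Odoo's `list_db` and `admin_passwd` options in the `[options]` section and that a hashed master password starts with `$pbkdf2-`; the function name, the weak-password list and both sample configurations are constructed for illustration.

```python
import configparser

# Master passwords treated as weak; a constructed list for this example.
WEAK_MASTER_PASSWORDS = {"", "admin", "odoo", "password", "changeme"}

# Constructed sample configurations (not taken from any real deployment).
EXPOSED_CONF = "[options]\nadmin_passwd = admin\ndb_host = localhost\n"
HARDENED_CONF = (
    "[options]\n"
    "list_db = False\n"
    "admin_passwd = $pbkdf2-sha512$<constructed-placeholder>\n"
)


def audit_odoo_conf(text):
    """Return a list of findings for the [options] section of an odoo.conf."""
    # Interpolation is disabled so '%' or '$' in a password hash parses cleanly.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    opts = parser["options"] if parser.has_section("options") else {}
    findings = []

    # An absent list_db is treated as enabled. Only the literal False/false
    # spelling is accepted here (a deliberately strict assumption).
    list_db = opts.get("list_db", "True").strip()
    if list_db not in ("False", "false"):
        findings.append("list_db is not False: database manager is enabled")

    # admin_passwd is the master password guarding database operations;
    # an absent value is treated as the default "admin".
    master = opts.get("admin_passwd", "admin").strip()
    if master.lower() in WEAK_MASTER_PASSWORDS:
        findings.append("admin_passwd is missing, default or weak")
    elif not master.startswith("$pbkdf2-"):
        findings.append("admin_passwd is stored in plaintext")
    return findings


if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_odoo_conf(conf) or "no findings")
```

The audit covers only the Odoo configuration file; IP address restrictions applied at a reverse proxy or firewall have to be reviewed separately.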

See Also

https://www.odoo.com/

https://www.odoo.com/forum/help-1/securing-web-database-manager-121799

Plugin Details

Severity: Medium

ID: 114371

Type: remote

Published: 7/18/2024

Updated: 7/18/2024

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:odoo:odoo:*:*:*:*:*:*:*:*

Reference Information