Detections
Analytics
Odoo Database Manager Detected
medium Web App Scanning Plugin ID 114371
Language:
Synopsis
Odoo Database Manager DetectedDescription
Odoo is a popular ERP and CRM open-source platform. Odoo includes a database manager which can help administrators performing management operations on their Odoo databases through a web interface. When exposed, this web interface can help an attacker trying to bruteforce weak master passwords and conducting advanced attack on the target Odoo instance.Solution
Disable Odoo Database Manager. If a public access is still required for some users, ensure that database manager access requires proper authentication or IP addresses access control.See Also
https://www.odoo.com/forum/help-1/securing-web-database-manager-121799
Plugin Details
Severity: Medium
ID: 114371
Type: remote
Family: Component Vulnerability
Published: 7/18/2024
Updated: 7/18/2024
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Low
Score: 1.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: Tenable
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS Score Source: Tenable
CVSS v4
Risk Factor: Medium
Base Score: 6.9
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score Source: Tenable
Vulnerability Information
CPE: cpe:2.3:a:odoo:odoo:*:*:*:*:*:*:*:*
Reference Information
CWE: 16
OWASP: 2010-A6, 2013-A5, 2013-A9, 2017-A6, 2017-A9, 2021-A5, 2021-A6
WASC: Application Misconfiguration
DISA STIG: APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-14.2.1
PCI-DSS: 3.2-6.2