CyberSec.Space Logo
CVEブラウザに戻る

CVE-2015-0861

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.1050%
EPSS Percentile42.46th
Published2016年4月13日
Last Modified2026年5月6日

Vulnerability Description

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Affected Platforms (CPE)

📦
Tryton

Trytond

>= 3.2.0 and < 3.2.10
📦
Tryton

Trytond

>= 3.4.0 and < 3.4.8
📦
Tryton

Trytond

>= 3.6.0 and < 3.6.5
📦
Tryton

Trytond

>= 3.8.0 and < 3.8.1
💻
Debian

Debian Linux

= 8.0

References & Advisories

🔗 http://www.debian.org/security/2015/dsa-3425
🔗 http://www.tryton.org/posts/security-release-for-issue5167.html
🔗 https://bugs.tryton.org/issue5167
🔗 http://www.debian.org/security/2015/dsa-3425
🔗 http://www.tryton.org/posts/security-release-for-issue5167.html
🔗 https://bugs.tryton.org/issue5167

関連する脆弱性情報

CVE-2014-66338.8

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x...

CVE-2012-22387.5

trytond 2.4: ModelView.button fails to validate authorization

CVE-2012-02155.5

model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to t...

CVE-2015-098710.0

Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password tra...