CVE-2015-0861

low-risk

Published 2016-04-13

model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (2)

Trytond

Debian Linux

Affected Vendors

Debian Tryton

References (6)

Vendor Advisory http://www.debian.org/security/2015/dsa-3425

Vendor Advisory http://www.tryton.org/posts/security-release-for-issue5167.html

Exploit https://bugs.tryton.org/issue5167

Vendor Advisory http://www.debian.org/security/2015/dsa-3425

Vendor Advisory http://www.tryton.org/posts/security-release-for-issue5167.html

Exploit https://bugs.tryton.org/issue5167

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 7/34 · Low