In Odoo Community version 15.0 and Odoo Enterprise version 15.0, a high-severity vulnerability, CVE-2024-12368, was detected. This vulnerability allows an internal user to export the OAuth tokens of other users. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12368.
In Odoo Community version 17.0 and Odoo Enterprise version 17.0, a high-severity vulnerability, CVE-2024-36259, was detected. This vulnerability allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36259.
In Dolibarr version 21.0.0-beta, a medium-severity vulnerability, CVE-2024-55228, was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.
In Dolibarr versions prior to 15.0.0, a medium-severity vulnerability, CVE-2021-3991, was found. This vulnerability lets attackers view sensitive reception details by accessing specific URLs without proper permissions. To fix this issue, users are advised to upgrade to version 15.0.0 or above. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2021-3991.
In Dolibarr ERP CRM versions before 19.0.2-php8.2, a high-severity vulnerability, CVE-2024-40137, was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. It is fixed in version 19.0.2-php8.2 and later. If you can’t update, disable the function, restrict access, enforce strong access controls, monitor activity, conduct a security audit, and use network segmentation to limit movement. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.
In Dolibarr version 19.0.1, a low-severity vulnerability, CVE-2024-37821, was detected. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SQL file. There is no fix for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37821/.
In Dolibarr versions before 19.0.2, a low-severity vulnerability, CVE-2024-34051, was detected. This flaw allows attackers to execute harmful scripts through the “facid” parameter on the payment card page. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34051/.
In Dolibarr version 9.0.1, a critical-severity vulnerability, CVE-2024-5315, was detected. This issue in ERP-CRM could let attackers access database information through a vulnerable parameter. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-5315/.
In Dolibarr, a critical security vulnerability, CVE-2024-29477, was detected. This vulnerability allows attackers to access your network and execute malicious code during installation. The issue is resolved in Dolibarr version 19.0.1 or newer. For more information, visit https://avd.aquasec.com/nvd/2024/cve-2024-29477.