Tryton trytond 5.0.4

CPE Details

Tryton trytond 5.0.4
tryton
trytond
5.0.4
2019-01-31
15h20 +00:00
2019-01-31
15h20 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:tryton:trytond:5.0.4:*:*:*:*:*:*:*

Informations

Vendor

tryton

Product

trytond

Version

5.0.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-26661 2022-03-07
21h40 +00:00		 An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
6.5
Medium
CVE-2022-26662 2022-03-07
21h40 +00:00		 An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
7.5
High
CVE-2019-10868 2019-04-04
22h25 +00:00		 In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values.
6.5
Medium