Tryton trytond 5.0.2

CPE Details

2019-01-31 15h20 +00:00

CPE Name: cpe:2.3:a:tryton:trytond:5.0.2:*:*:*:*:*:*:*

Information

Vendor: tryton

Product: trytond

Version: 5.0.2

Related CVE


| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-26661 | 2022-03-07 21h40 +00:00 | An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. | 6.5 | Medium |
| CVE-2022-26662 | 2022-03-07 21h40 +00:00 | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. | 7.5 | High |
| CVE-2019-10868 | 2019-04-04 22h25 +00:00 | In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values. | 6.5 | Medium |