{"api_version":"1","generated_at":"2026-04-22T22:58:12+00:00","cve":"CVE-2019-11786","urls":{"html":"https://cve.report/CVE-2019-11786","api":"https://cve.report/api/cve/CVE-2019-11786.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11786","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11786"},"summary":{"title":"CVE-2019-11786","description":"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements.","state":"PUBLIC","assigner":"security@odoo.com","published_at":"2020-12-22 17:15:00","updated_at":"2021-11-02 19:21:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://github.com/odoo/odoo/issues/63711","name":"https://github.com/odoo/odoo/issues/63711","refsource":"MISC","tags":["Third Party Advisory"],"title":"[SEC] CVE-2019-11786 - Affects: Odoo 13.0 and earlier (Community an... · Issue #63711 · odoo/odoo · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11786","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11786","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Martin Trigaux","lang":""},{"source":"LEGACY","value":"Alexandre Diaz","lang":""}],"nvd_cpes":[{"cve_year":"2019","cve_id":"11786","vulnerable":"1","versionEndIncluding":"13.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"odoo","cpe5":"odoo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11786","vulnerable":"1","versionEndIncluding":"13.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"odoo","cpe5":"odoo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11786","ASSIGNER":"security@odoo.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Odoo Community","version":{"version_data":[{"version_affected":"<=","version_value":"13.0"}]}},{"product_name":"Odoo Enterprise","version":{"version_data":[{"version_affected":"<=","version_value":"13.0"}]}}]},"vendor_name":"Odoo"}]}},"credit":[{"lang":"eng","value":"Martin Trigaux"},{"lang":"eng","value":"Alexandre Diaz"}],"description":{"description_data":[{"lang":"eng","value":"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":" CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-284 Improper Access Control"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://github.com/odoo/odoo/issues/63711","name":"https://github.com/odoo/odoo/issues/63711"}]},"source":{"advisory":"ODOO-SA-2020-12-02","discovery":"EXTERNAL"}},"nvd":{"publishedDate":"2020-12-22 17:15:00","lastModifiedDate":"2021-11-02 19:21:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*","versionEndIncluding":"13.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"13.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11786","Ordinal":"150108","Title":"CVE-2019-11786","CVE":"CVE-2019-11786","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11786","Ordinal":"1","NoteData":"Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11786","Ordinal":"2","NoteData":"2020-12-22","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11786","Ordinal":"3","NoteData":"2020-12-22","Type":"Other","Title":"Modified"}]}}}