SB2016090713 - Multiple vulnerabilities in Python Tryton




Published: September 7, 2016
Updated: August 9, 2020

Security Bulletin ID: SB2016090713
Severity: Medium
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Information disclosure

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2016-1242)

The vulnerability allows a remote privileged user to gain access to sensitive information.

file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.


2) Information disclosure (CVE-ID: CVE-2016-1241)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors.


Remediation

Install update from vendor's website.
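
To check whether an installed release falls inside the ranges listed above, the following added example (not part of the bulletin and not Tryton code) compares a version string against the fixed releases named in the two CVE descriptions. The function and constant names are hypothetical, the sample inputs are constructed, and a 3.x series the bulletin does not name is reported as undetermined (None).

```python
import re

CVE_FILE_READ = "CVE-2016-1242"   # file_open arbitrary file read
CVE_HASHES = "CVE-2016-1241"      # password hash disclosure

# First fixed release of each 3.x series named in the bulletin.
FIXED_3X = {(3, 2): (3, 2, 17), (3, 4): (3, 4, 14),
            (3, 6): (3, 6, 12), (3, 8): (3, 8, 8)}
FIXED_4X = (4, 0, 4)


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if m is None:
        raise ValueError("not a plain release number: %r" % text)
    return tuple(int(part or 0) for part in m.groups())


def affected_cves(version_text):
    """Return the bulletin's CVE IDs that apply, or None if undetermined."""
    v = parse_version(version_text)
    if v[:2] in FIXED_3X:
        return [CVE_FILE_READ, CVE_HASHES] if v < FIXED_3X[v[:2]] else []
    if v[0] >= 4:
        # "4.x before 4.0.4"; later releases are outside the listed ranges.
        return [CVE_FILE_READ, CVE_HASHES] if v < FIXED_4X else []
    if v < (3, 2, 0):
        # CVE-2016-1242 says "before 3.2.17"; CVE-2016-1241 says "3.x before 3.2.17".
        return [CVE_FILE_READ] + ([CVE_HASHES] if v[0] == 3 else [])
    return None  # a 3.x series the bulletin does not name, e.g. 3.5


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the bulletin.
    for sample in ("2.8.0", "3.2.16", "3.5.1", "3.8.8", "4.0.3", "4.2.0"):
        print(sample, affected_cves(sample))
```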