Hi all,
I’m using GVM 24.5.0 (under Docker) and scanning an Odoo v11 server.
The detected vulnerabilities are at most 5.9 (medium), for SSL and cookie issues.
There are no Odoo-related vulnerabilities. However, in the detected applications, I clearly see “cpe:/a:odoo:odoo” (without a version).
Is this normal?
Thank you.
Hello,
and welcome to these community forums.
Only two short remarks that this is currently expected:
- Odoo doesn’t expose the version remotely without authentication and you need to give HTTP Web GUI credentials to the following VT in your scan configuration:
  - Name: Odoo Business Management Software Detection (HTTP)
  - OID: 1.3.6.1.4.1.25623.1.0.812511
- Vulnerability tests for the Odoo product itself are only part of the commercial enterprise feed