Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a man-in-the-middle.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Tryton 安全漏洞
Vulnerability Description
Tryton是一套基于Python和PostgreSQL的通用应用平台,它是OpenERP(企业资源计划ERP和客户关系管理CRM系统)的一个独立分支项目,包含了财务管理、营销管理、客户关系管理等模块,可用于创建企业资源计划系统。 Tryton 5.0.1之前的5.x版本中的客户端存在安全漏洞。攻击者可通过实施中间人攻击利用该漏洞窃取用户会话。
CVSS Information
N/A
Vulnerability Type
N/A