Lucene search

[email protected]NVD:CVE-2021-23176

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2021-23176

2023-04-2519:15:09

[email protected]

web.nvd.nist.gov

improper access control

reporting engine

remote authenticated users

accounting information

crafted rpc packets

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.

Affected configurations

NVD

Node

odooodooRange≤15.0community

odooodooRange≤15.0enterprise

References

github.com/odoo/odoo/issues/107682

www.debian.org/security/2023/dsa-5399

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for NVD:CVE-2021-23176

veracode1 debiancve1 prion1 cvelist1 ubuntucve1 cve1 osv2 openvas1 nessus1 debian1