Lucene search

[email protected]NVD:CVE-2021-44460

HistoryApr 25, 2023 - 7:15 p.m.

CVE-2021-44460

2023-04-2519:15:09

[email protected]

web.nvd.nist.gov

odoo community

access control

deactivated accounts

rpc requests

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.6%

JSON

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.

Affected configurations

NVD

Node

odooodooRange≤13.0community

odooodooRange≤13.0enterprise

References

github.com/odoo/odoo/issues/107685

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.6%

JSON

Related for NVD:CVE-2021-44460

cve1 prion1 ubuntucve1 osv1 cvelist1 debiancve1