Lucene search

Ubuntu.comUB:CVE-2021-44460

HistoryApr 25, 2023 - 12:00 a.m.

CVE-2021-44460

2023-04-2500:00:00

ubuntu.com

odoo

community

enterprise

access control

deactivated accounts

rpc requests

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

35.6%

JSON

Improper access control in Odoo Community 13.0 and earlier and Odoo
Enterprise 13.0 and earlier allows users with deactivated accounts to
access the system with the deactivated account and any permission it still
holds, via crafted RPC requests.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchodoo< anyUNKNOWN
ubuntu23.10noarchodoo< anyUNKNOWN
ubuntu24.04noarchodoo< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	odoo	< any	UNKNOWN
ubuntu	23.10	noarch	odoo	< any	UNKNOWN
ubuntu	24.04	noarch	odoo	< any	UNKNOWN

References

github.com/odoo/odoo/issues/107685

launchpad.net/bugs/cve/CVE-2021-44460

nvd.nist.gov/vuln/detail/CVE-2021-44460

security-tracker.debian.org/tracker/CVE-2021-44460

www.cve.org/CVERecord?id=CVE-2021-44460

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

35.6%

JSON

Related for UB:CVE-2021-44460