Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.
References
Link | Resource |
---|---|
https://github.com/odoo/odoo/issues/107692 | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 May 2023, 14:12
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:* cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:* |
|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | (MISC) https://github.com/odoo/odoo/issues/107692 - Issue Tracking, Patch, Vendor Advisory | |
First Time |
Odoo
Odoo odoo |
25 Apr 2023, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-25 19:15
Updated : 2023-12-10 15:01
NVD link : CVE-2021-44465
Mitre link : CVE-2021-44465
CVE.ORG link : CVE-2021-44465
JSON object : View
Products Affected
odoo
- odoo
CWE