CVE-2021-44460
First published: Tue Apr 25 2023(Updated: )
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.
Credit: security@odoo.com security@odoo.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Odoo Odoo | <=13.0 | |
| Odoo Odoo | <=13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2021-44460.
What is the severity level of CVE-2021-44460?
The severity level of CVE-2021-44460 is high with a score of 6.5.
Which versions of Odoo Community and Odoo Enterprise are affected by CVE-2021-44460?
Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier are affected by CVE-2021-44460.
How does CVE-2021-44460 impact the system?
CVE-2021-44460 allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.
Is there a fix available for CVE-2021-44460?
As of now, there is no official fix available for CVE-2021-44460. It is recommended to update to a newer version when a patch or update is released by Odoo.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/odoo
- canonical/odoo odoo
- version/odoo odoo/13.0