Improper Access Control in Odoo Community and Enterprise Products
CVE-2021-45111

7.1HIGH

Key Information:

Vendor: Odoo
Status: Odoo Community; Odoo Enterprise
Vendor: CVE Published:; 25 April 2023

What is CVE-2021-45111?

An improper access control vulnerability exists in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier. This flaw allows remote authenticated users to exploit the system by triggering the creation of demonstration data. Consequently, this can result in the establishment of user accounts with known credentials, potentially compromising the integrity and security of the platform and sensitive user information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Odoo Community 0 <= 15.0

Odoo Enterprise 0 <= 15.0

References

https://github.com/odoo/odoo/issues/107683

https://www.debian.org/security/2023/dsa-5399

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Dec 27, 2021

Credit

Nils Hamerlinck

Yenthe Van Ginneken

JSON

Odoo