CVE-2021-44460

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-44460

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44460.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-44460

Aliases

BIT-odoo-2021-44460

Downstream

UBUNTU-CVE-2021-44460

Published

2023-04-25T19:15:09.600Z

Modified

2026-03-14T11:17:42.720488Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.

References

https://github.com/odoo/odoo/issues/107685

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44460.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.0"
            }
        ]
    }
]