Arbitrary Business Record Subscription Vulnerability in Odoo Community and Enterprise 13.0 and Earlier

Arbitrary Business Record Subscription Vulnerability in Odoo Community and Enterprise 13.0 and Earlier

CVE-2021-44465 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.

Learn more about our Web Application Penetration Testing UK.