CVE-2021-23203

EPSS 0.68%
Veröffentlicht 25.04.2023 19:15:09
Zuletzt bearbeitet 03.02.2025 18:15:27
Quelle security@odoo.com
CVE-Watchlists
Login
Unerledigt
Login

Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Odoo ≫ Odoo Version14.0 SwEditioncommunity

Odoo ≫ Odoo Version14.0 SwEditionenterprise

Odoo ≫ Odoo Version15.0 SwEditioncommunity

Odoo ≫ Odoo Version15.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.68%	0.712

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security@odoo.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://www.debian.org/security/2023/dsa-5399

https://github.com/odoo/odoo/issues/107695

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-23203

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-23203

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-23203

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-23203