Privilege Escalation via Insecure Access Control in Odoo Community and Enterprise

Privilege Escalation via Insecure Access Control in Odoo Community and Enterprise

CVE-2018-14863 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:N

Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC.

Learn more about our User Device Pen Test.