{"api_version":"1","generated_at":"2026-04-22T22:58:12+00:00","cve":"CVE-2021-45111","urls":{"html":"https://cve.report/CVE-2021-45111","api":"https://cve.report/api/cve/CVE-2021-45111.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-45111","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-45111"},"summary":{"title":"CVE-2021-45111","description":"Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.","state":"PUBLIC","assigner":"security@odoo.com","published_at":"2023-04-25 19:15:00","updated_at":"2023-05-05 21:15:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2023/dsa-5399","name":"https://www.debian.org/security/2023/dsa-5399","refsource":"MISC","tags":[],"title":"Debian -- Security Information -- DSA-5399-1 odoo","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/odoo/odoo/issues/107683","name":"https://github.com/odoo/odoo/issues/107683","refsource":"MISC","tags":[],"title":"[SEC] CVE-2021-45111 - Improper access control in Odoo Community 15.... · Issue #107683 · odoo/odoo · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-45111","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45111","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"45111","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"odoo","cpe5":"odoo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"community","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"45111","vulnerable":"1","versionEndIncluding":"15.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"odoo","cpe5":"odoo","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-45111","qid":"181773","title":"Debian Security Update for odoo (DSA 5399-1)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2021-45111","ASSIGNER":"security@odoo.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Improper Access Control"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Odoo","product":{"product_data":[{"product_name":"Odoo Community","version":{"version_data":[{"version_affected":"<=","version_name":"0","version_value":"15.0"}]}},{"product_name":"Odoo Enterprise","version":{"version_data":[{"version_affected":"<=","version_name":"0","version_value":"15.0"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/odoo/odoo/issues/107683","refsource":"MISC","name":"https://github.com/odoo/odoo/issues/107683"},{"url":"https://www.debian.org/security/2023/dsa-5399","refsource":"MISC","name":"https://www.debian.org/security/2023/dsa-5399"}]},"credits":[{"lang":"eng","value":"Nils Hamerlinck"},{"lang":"eng","value":"Yenthe Van Ginneken"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","version":"3.0"}]}},"nvd":{"publishedDate":"2023-04-25 19:15:00","lastModifiedDate":"2023-05-05 21:15:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":8.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:odoo:odoo:*:*:*:*:enterprise:*:*:*","versionEndIncluding":"15.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:odoo:odoo:*:*:*:*:community:*:*:*","versionEndIncluding":"15.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"45111","Ordinal":"224100","Title":"CVE-2021-45111","CVE":"CVE-2021-45111","Year":"2021"},"notes":[]}}}