Xavier Morel

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 13.0 and earlier Odoo Enterprise versions 13.0 and earlier **Description** The issue is related to improper access control, allowing users with deactivated accounts to access the system using their deactivated account and any permission it still holds. This can be achieved via crafted RPC requests. **Recommendations** For Odoo Community versions 13.0 and earlier, update to a version that includes a fix for this issue. For Odoo Enterprise versions 13.0 and earlier, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to deactivated accounts to minimize the risk of exploitation.