Yenthe Van Ginneken

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions prior to 15.0 Odoo Enterprise versions prior to 15.0 **Description** The issue is related to improper access control, allowing remote authenticated users to trigger the creation of demonstration data. This includes user accounts with known credentials. **Recommendations** For Odoo Community versions prior to 15.0, update to a version later than 15.0 to resolve the issue. For Odoo Enterprise versions prior to 15.0, update to a version later than 15.0 to resolve the issue. As a temporary workaround, consider restricting access to demonstration data creation functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 10.0 through 11.0 Odoo Enterprise versions 10.0 through 11.0 **Description** The issue is related to incorrect access control in the database manager component, allowing a remote attacker to restore a database dump without knowing the super-admin password. Any arbitrary password can succeed in this action. **Recommendations** For Odoo Community versions 10.0 through 11.0, update to a version that includes the fix for this issue. For Odoo Enterprise versions 10.0 through 11.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the database manager component to minimize the risk of exploitation.