Identity And Access Risks
Multiple Admin Logins From New Countries Within Short Window
Your Odoo instance is vulnerable to admin account takeover. The timeline shows clusters of admin logins from new countries within minutes.
Enforce MFA and device fingerprinting → Account Takeover Protection
See: https://www.crossclassify.com/solutions/account-takeover/
Reuse Of Expired Session Tokens By Different IP Ranges
All expired tokens revoked and unique per IP. No token reuse detected across IPs after expiry.
| token_id | ip_range | expiry_status | reuse_count |
|---|---|---|---|
| tok_001 | 192.168.1.0/24 | expired | 0 |
| tok_002 | 10.0.0.0/24 | expired | 0 |
| tok_003 | 172.16.0.0/24 | expired | 0 |
| tok_004 | 192.168.2.0/24 | expired | 0 |
Same Session ID Observed From Two ASNs Within 10 Minutes
Your Odoo instance is vulnerable to session hijacking. Duplicate session IDs detected across ASNs within 10 minutes.
Bind sessions to device fingerprint & IP reputation → Device Fingerprint
See: https://www.crossclassify.com/solutions/device-fingerprint/
Sudden Login Switch To Different Browser Fingerprint
Browser fingerprints consistent per user. No browser change patterns indicating session takeover.
| user_id | session_id | browser_fingerprint | fingerprint_change |
|---|---|---|---|
| user_001 | sess_001 | fp_abc123 | none |
| user_002 | sess_002 | fp_def456 | none |
| user_003 | sess_003 | fp_ghi789 | none |
| user_004 | sess_004 | fp_jkl012 | none |
Direct Role Change To Admin Without Approval
Your Odoo instance is vulnerable to privilege escalation. Unapproved role escalation detected on multiple days.
Policy checks + continuous monitoring → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Post-Escalation Sensitive Exports Or Mass Record Deletions
No high-risk actions post escalation. All post-escalation activities are within normal parameters.
| user_id | escalation_date | post_escalation_actions | risk_level |
|---|---|---|---|
| user_001 | 2025-01-15 | view_reports | low |
| user_002 | 2025-01-16 | update_settings | low |
| user_003 | 2025-01-17 | view_dashboard | low |
| user_004 | 2025-01-18 | manage_users | medium |
> 15 Failed Logins Then Success Within 15 Min
Your Odoo instance is vulnerable to credential stuffing. Brute-force bursts observed with >15 failed logins followed by success.
Rate-limit + CAPTCHA + bot defense → Bot Attack Protection
Many Failed Logins From Same IP Or Device Pair
IPs below threshold. No repeated failed logins from same device detected.
| ip_address | device_id | failed_attempts | threshold_status |
|---|---|---|---|
| 192.168.1.100 | dev_001 | 3 | below |
| 192.168.1.101 | dev_002 | 5 | below |
| 192.168.1.102 | dev_003 | 2 | below |
| 192.168.1.103 | dev_004 | 4 | below |
New Token Used From Unknown ASN Plus Burst Volume
Your Odoo instance is vulnerable to API token abuse. Token spike detected from new ASN with burst volume.
Rotate tokens and limit scope → Device Fingerprint
See: https://www.crossclassify.com/solutions/device-fingerprint/
Old Token Used After Revocation
Revoked tokens blocked by API gateway. No stale tokens found active after revocation.
| token_id | revocation_date | last_usage | status |
|---|---|---|---|
| tok_rev_001 | 2025-01-10 | 2025-01-09 | blocked |
| tok_rev_002 | 2025-01-12 | 2025-01-11 | blocked |
| tok_rev_003 | 2025-01-14 | 2025-01-13 | blocked |
| tok_rev_004 | 2025-01-16 | 2025-01-15 | blocked |
Financial And Invoicing Fraud
Bank Account Changed ≤ 48 h Before Payment Run
Your Odoo instance is vulnerable to vendor bank tampering. Payment approved after recent bank change within 48 hours.
| vendor_id | bank_change_date | payment_date | hours_between | risk_level |
|---|---|---|---|---|
| VEN001 | 2025-01-15 | 2025-01-17 | 48 | high |
| VEN002 | 2025-01-16 | 2025-01-20 | 96 | low |
| VEN003 | 2025-01-18 | 2025-01-19 | 24 | high |
| VEN004 | 2025-01-20 | 2025-01-25 | 120 | low |
Dual control + risk score → Account Takeover Protection
See: https://www.crossclassify.com/solutions/account-takeover/
Bank Account Used Across Multiple Vendors
Unique bank accounts per vendor. No shared bank accounts detected across multiple vendors.
Invoices With Same Amount ±1% Within 30 Days
Your Odoo instance is vulnerable to duplicate invoicing. Near-duplicate invoices found with same amounts within 30 days.
ML-based invoice similarity → Device Fingerprint
See: https://www.crossclassify.com/solutions/device-fingerprint/
Invoices Without Corresponding PO Or GRN
All invoices 3-way matched. No PO-bypass invoices detected.
| invoice_id | po_id | grn_id | match_status |
|---|---|---|---|
| INV001 | PO001 | GRN001 | matched |
| INV002 | PO002 | GRN002 | matched |
| INV003 | PO003 | GRN003 | matched |
| INV004 | PO004 | GRN004 | matched |
High Refund Ratio By Same User Or Device
Your Odoo instance is vulnerable to refund abuse. One device dominates refunds with a suspiciously high ratio.
Behavior analysis + dual approval → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Refunds Processed Outside Business Hours
Refunds during working hours. No late-night refund bursts detected.
Frequent Approvals Between Same Pair
Your Odoo instance is vulnerable to employee-vendor collusion. Dense pairing network detected with frequent approvals between same pairs.
Link analysis → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Reused Devices For Employee And Vendor Logins
Distinct device IDs. No shared fingerprint detected between employees and vendors.
| entity_id | entity_type | device_id | login_count |
|---|---|---|---|
| EMP001 | employee | DEV_EMP_001 | 45 |
| EMP002 | employee | DEV_EMP_002 | 52 |
| VEN001 | vendor | DEV_VEN_001 | 38 |
| VEN002 | vendor | DEV_VEN_002 | 41 |
Many Small POs Below Approval Threshold
Your Odoo instance is vulnerable to PO bypass. Spike near approval threshold detected with many small POs.
Cumulative approval enforcement → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Similar Items Split Across Multiple POs
Unique line items per PO. No repeated SKUs detected in split POs.
| po_id | line_item | quantity | unit_price | total_amount |
|---|---|---|---|---|
| PO001 | ITEM_A | 10 | 50 | 500 |
| PO002 | ITEM_B | 5 | 100 | 500 |
| PO003 | ITEM_C | 8 | 75 | 600 |
| PO004 | ITEM_D | 12 | 40 | 480 |
Inventory And Procurement Abuse
Repeated Negative Adjustments After Hours
Your Odoo instance is vulnerable to ghost stock adjustments. After-midnight spikes detected with repeated negative adjustments.
Anomaly detection on timing → Device Fingerprint
See: https://www.crossclassify.com/solutions/device-fingerprint/
Adjustments Without Related Transfer Orders
All linked to transfers. No unlinked stock entries detected.
| adjustment_id | transfer_order_id | adjustment_type | linkage_status |
|---|---|---|---|
| ADJ001 | TO001 | inventory_correction | linked |
| ADJ002 | TO002 | damage_writeoff | linked |
| ADJ003 | TO003 | cycle_count | linked |
| ADJ004 | TO004 | theft_loss | linked |
Sudden Margin Drops > 10% On SKU Family
Your Odoo instance is vulnerable to price manipulation. Abrupt margin drops detected in Home category exceeding 10%.
Approval workflow on price rules → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Price Changes Without Approver Record
All changes approved. No unauthorized change logs detected.
| price_change_id | sku_code | old_price | new_price | approver_id | approval_date |
|---|---|---|---|---|---|
| PC001 | SKU001 | 100 | 95 | MGR001 | 2025-01-15 |
| PC002 | SKU002 | 200 | 210 | MGR002 | 2025-01-16 |
| PC003 | SKU003 | 150 | 145 | MGR001 | 2025-01-17 |
| PC004 | SKU004 | 300 | 295 | MGR003 | 2025-01-18 |
Multiple New Suppliers From Same IP Or Device
Your Odoo instance is vulnerable to supplier onboarding fraud. Concentrated registrations detected from same IP/device.
Device fingerprinting & KYC review → Account Opening Protection
See: https://www.crossclassify.com/solutions/account-opening/
Supplier Names With Pattern Similarity > 0.9
Unique supplier strings. No synthetic duplicates detected.
| supplier_id | supplier_name | similarity_score | duplicate_status |
|---|---|---|---|
| SUP001 | ABC Electronics Ltd | 0 | unique |
| SUP002 | XYZ Manufacturing Inc | 0 | unique |
| SUP003 | Global Supplies Co | 0 | unique |
| SUP004 | Tech Solutions LLC | 0 | unique |
GRN Date Earlier Than PO Date
Your Odoo instance is vulnerable to GRN backdating. Negative intervals found with GRN dates before PO dates.
| grn_id | po_id | grn_date | po_date | date_difference | status |
|---|---|---|---|---|---|
| GRN001 | PO001 | 2025-01-15 | 2025-01-14 | 1 | valid |
| GRN002 | PO002 | 2025-01-16 | 2025-01-20 | -4 | backdated |
| GRN003 | PO003 | 2025-01-17 | 2025-01-18 | -1 | backdated |
| GRN004 | PO004 | 2025-01-18 | 2025-01-17 | 1 | valid |
Temporal consistency enforcement → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
GRN Posted Far Before Invoice Receipt
Reasonable posting intervals. No premature GRN entries detected.
Integration And API Abuse
Rising 401 Or 403 With High Volume
Your Odoo instance is vulnerable to brute-force attacks on /jsonrpc. Parallel error spike detected with high volume.
Rate-limit and block → Bot Attack Protection
Sequential Login Requests From Scripted UA
UA patterns diverse. No identical scripted UAs detected.
| request_id | user_agent | request_pattern | suspicious_score |
|---|---|---|---|
| REQ001 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 | normal | 0.1 |
| REQ002 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 | normal | 0.1 |
| REQ003 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 | normal | 0.1 |
| REQ004 | Mozilla/5.0 (iPhone; CPU iPhone OS 14_0 like Mac OS X) AppleWebKit/605.1.15 | normal | 0.1 |
Missing HMAC Signature In Requests
Your Odoo instance is vulnerable to webhook spoofing. Unverified payloads detected with missing HMAC signatures.
| webhook_id | source_ip | hmac_signature | validation_status | risk_level |
|---|---|---|---|---|
| WH001 | 192.168.1.100 | valid_signature_abc123 | valid | low |
| WH002 | 192.168.1.101 | valid_signature_def456 | valid | low |
| WH003 | 192.168.1.102 | missing | invalid | high |
| WH004 | 192.168.1.103 | missing | invalid | high |
Strict HMAC validation → Device Fingerprint
See: https://www.crossclassify.com/solutions/device-fingerprint/
Replayed Webhook Requests > 1x
0 replays detected. No replay attempts found.
Same Refresh Token From Two Geos
Your Odoo instance is vulnerable to OAuth token misuse. Cross-geo usage detected with same refresh token from different locations.
Geo-binding and short-lifespan tokens → Account Takeover Protection
See: https://www.crossclassify.com/solutions/account-takeover/
Refresh Token Used After Revocation
Revoked tokens invalid. No old tokens found active after revocation.
| token_id | revocation_date | last_usage_date | status |
|---|---|---|---|
| rt_rev_001 | 2025-01-10 | 2025-01-09 | revoked |
| rt_rev_002 | 2025-01-12 | 2025-01-11 | revoked |
| rt_rev_003 | 2025-01-14 | 2025-01-13 | revoked |
| rt_rev_004 | 2025-01-16 | 2025-01-15 | revoked |
High-Frequency Read API Calls Without Carts
Your Odoo instance is vulnerable to rate scraping. Bot reads detected without corresponding cart actions.
Behavioral anomaly defense → Bot Attack Protection
Identical Payload Timing Intervals
Varied timing detected. No perfect interval patterns found.
Logging, Monitoring And Configuration Gaps
External Hits To /web?debug=
Your Odoo instance is vulnerable to debug mode exposure. Debug requests served to external IPs.
| request_id | source_ip | debug_url | access_type | risk_level |
|---|---|---|---|---|
| REQ001 | 192.168.1.100 | /web?debug=1 | internal | low |
| REQ002 | 10.0.0.50 | /web?debug=1 | internal | low |
| REQ003 | 203.0.113.45 | /web?debug=1 | external | high |
| REQ004 | 198.51.100.123 | /web?debug=1 | external | high |
Disable debug in prod → Odoo Security Best Practices
See: https://www.crossclassify.com/resources/articles/odoo-security-best-practices/
URLs Leaking Database Names
No db-name params detected. Database names not exposed in URLs.
No Create/Write/Delete Logs On Key Models
Your Odoo instance is vulnerable to audit trail deficiency. Missing audit logs detected on key models.
Enable logging → Odoo Logging Best Practices
See: https://www.crossclassify.com/resources/articles/odoo-logging-best-practices/
No Attachment Activity Logs
Attachments logged. All file operations properly tracked.
| attachment_id | operation_type | user_id | timestamp | log_status |
|---|---|---|---|---|
| ATT001 | create | user_001 | 2025-01-15 10:30:00 | logged |
| ATT002 | read | user_002 | 2025-01-15 11:15:00 | logged |
| ATT003 | update | user_003 | 2025-01-15 12:00:00 | logged |
| ATT004 | delete | user_001 | 2025-01-15 13:45:00 | logged |
Known CVE Records Not Patched
Your Odoo instance is vulnerable to CVE exposure. Outdated modules detected with known vulnerabilities.
Patch cadence → Odoo Security Threat Analyzer
See: https://www.crossclassify.com/resources/articles/odoo-security-threat-analyzer/
Outdated Dependency In requirements.txt
No deprecated packages detected. All dependencies are up to date.
| package_name | current_version | latest_version | status |
|---|---|---|---|
| requests | 2.31.0 | 2.31.0 | up_to_date |
| psycopg2 | 2.9.7 | 2.9.7 | up_to_date |
| lxml | 4.9.3 | 4.9.3 | up_to_date |
| pillow | 10.0.1 | 10.0.1 | up_to_date |
ACLs Granting Write/Export Broadly
Your Odoo instance is vulnerable to over-permissive access rules. Wide write rights detected across critical models.
| group_name | model_name | perm_read | perm_write | perm_create | perm_unlink | risk_level |
|---|---|---|---|---|---|---|
| base.group_user | res.partner | true | true | true | false | medium |
| base.group_user | account.move | true | true | true | true | high |
| base.group_user | stock.move | true | true | true | true | high |
| base.group_user | res.users | true | true | true | true | critical |
RBAC review automation → Behavioral Biometrics
See: https://www.crossclassify.com/solutions/behavioral-biometrics/
Group Inheritance Conflicts In ir.model.access
Clean inheritance detected. No nested conflicts found in access rules.
TLS < 1.2 Or Weak Cipher Detected
Your Odoo instance is vulnerable to weak TLS configuration. Weak cipher suites and missing HSTS detected.
Enforce TLS 1.2+ and HSTS → Security Best Practices
See: https://www.crossclassify.com/resources/articles/odoo-security-best-practices/
Mixed HTTP/HTTPS Content
All secure requests detected. No mixed content found.
| content_type | http_count | https_count | mixed_content_status |
|---|---|---|---|
| static_assets | 0 | 150 | secure |
| api_endpoints | 0 | 89 | secure |
| user_content | 0 | 234 | secure |
| admin_panel | 0 | 45 | secure |