Improper Access Control in Reporting Engine of l10n_fr_fec Module in Odoo Community and Enterprise Versions 15.0 and Earlier

Improper Access Control in Reporting Engine of l10n_fr_fec Module in Odoo Community and Enterprise Versions 15.0 and Earlier

CVE-2021-23176 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.

Learn more about our User Device Pen Test.