Odoo · Odoo Community · CVE-2021-23176
**Name of the Vulnerable Software and Affected Versions**
Odoo Community versions 15.0 and earlier
Odoo Enterprise versions 15.0 and earlier
**Description**
The issue is related to improper access control in the reporting engine of the l10n fr fec module. This allows remote authenticated users to extract accounting information via crafted RPC packets.
**Recommendations**
For Odoo Community versions 15.0 and earlier, update to a version that includes the fix for this issue.
For Odoo Enterprise versions 15.0 and earlier, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the reporting engine of the l10n fr fec module to minimize the risk of exploitation.