Tiffany Chang

**Name of the Vulnerable Software and Affected Versions** Odoo Community versions 14.0 through 15.0 Odoo Enterprise versions 14.0 through 15.0 **Description** The issue is related to improper access control in the reporting engine, allowing remote attackers to download PDF reports for arbitrary documents via crafted requests. **Recommendations** For Odoo Community versions 14.0 through 15.0, update to a version that includes the fix for this issue. For Odoo Enterprise versions 14.0 through 15.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the reporting engine to minimize the risk of exploitation.