CVE-2024-21796

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:construction:*:*
cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:design_\&_survey:*:*

History

30 Jan 2024, 22:14

Type Values Removed Values Added
CPE cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:design_\&_survey:*:*
cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:construction:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CWE CWE-611
References () https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html - () https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html - Product
References () https://jvn.jp/en/jp/JVN40049211/ - () https://jvn.jp/en/jp/JVN40049211/ - Third Party Advisory

24 Jan 2024, 02:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-24 02:15

Updated : 2024-09-10 18:35


NVD link : CVE-2024-21796

Mitre link : CVE-2024-21796

CVE.ORG link : CVE-2024-21796


JSON object : View

Products Affected

dfeg

  • electronic_deliverables_creation_support_tool
CWE
CWE-611

Improper Restriction of XML External Entity Reference