Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN40049211/ | Third Party Advisory |
https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html | Product |
Configurations
Configuration 1 (hide)
|
History
30 Jan 2024, 22:14
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:design_\&_survey:*:* cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:construction:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
CWE | CWE-611 | |
References | () https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html - Product | |
References | () https://jvn.jp/en/jp/JVN40049211/ - Third Party Advisory |
24 Jan 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-24 02:15
Updated : 2024-09-10 18:35
NVD link : CVE-2024-21796
Mitre link : CVE-2024-21796
CVE.ORG link : CVE-2024-21796
JSON object : View
Products Affected
dfeg
- electronic_deliverables_creation_support_tool
CWE
CWE-611
Improper Restriction of XML External Entity Reference