Lucene search
JpcertCVE-2023-25955HistoryApr 11, 2023 - 9:15 a.m.
CVE-2023-25955
2023-04-1109:15:07
CWE-611
jpcert
web.nvd.nist.gov
24
cve-2023-25955
national land
numerical information
conversion tool
xxe
nvd
security flaw
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
22.5%
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
Affected configurations
Node
mlitnational_land_numerical_information_data_conversion_tool
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mlit | national_land_numerical_information_data_conversion_tool | * | cpe:2.3:a:mlit:national_land_numerical_information_data_conversion_tool:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Ministry of Land, Infrastructure, Transport and Tourism, Japan",
"product": "National land numerical information data conversion tool",
"versions": [
{
"version": "all versions",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-25955
2023-04-11 09:15:07
prion
prion
Xxe
2023-04-11 09:15:00
cvelist
cvelist
CVE-2023-25955
2023-04-11 00:00:00
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
22.5%
Related for CVE-2023-25955