Lucene search
JpcertCVE-2023-32635HistoryJul 19, 2023 - 6:15 a.m.
CVE-2023-32635
2023-07-1906:15:12
CWE-611
jpcert
web.nvd.nist.gov
15
cve-2023-32635
xbrl
data create app
xxe
security vulnerability
nvd
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
24.3%
XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.
Affected configurations
Node
edinet-fsaxbrl_data_createRange≤7.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| edinet-fsa | xbrl_data_create | * | cpe:2.3:a:edinet-fsa:xbrl_data_create:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Financial Services Agency",
"product": "XBRL data create application",
"versions": [
{
"version": "version 7.0 and earlier",
"status": "affected"
}
]
}
]Related
cvelist
cvelist
CVE-2023-32635
2023-07-19 05:54:29
jvn
jvn
prion
prion
Xxe
2023-07-19 06:15:00
nvd
nvd
CVE-2023-32635
2023-07-19 06:15:12
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
5.5
Confidence
High
EPSS
0.001
Percentile
24.3%
Related for CVE-2023-32635