Japan Vulnerability NotesJVN:01434915JVN#01434915: Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.5%
“Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)” provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references (XXE) (CWE-611).
Impact
Processing a specially crafted XML file may lead to exposure of internal files on the system.
Solution
Update the Software
Update the software to the latest version according to the information provided by the developer.
The developer addressed the vulnerability in the following version:
- Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.15.0.001.001
Products Affected
- Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.5%