Lucene search

Japan Vulnerability NotesJVN:40049211

HistoryJan 23, 2024 - 12:00 a.m.

JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense

2024-01-2300:00:00

Japan Vulnerability Notes

jvn.jp

ministry of defense

xml external entity references

cwe-611

software update

construction edition

design & survey edition

ver1.0.4

system exposure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references (XXE) (CWE-611).

Impact

Processing a specially crafted XML file may lead to exposure of internal files on the system.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4
Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Related for JVN:40049211