History: Jan 23, 2024 - 12:00 a.m.

JVN#77736613: Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"

2024-01-23 00:00:00
Japan Vulnerability Notes
jvn.jp
Tags: mlit, xxe, cwe-611, japan, software update, internal files exposure, doboku, dentsu, kikai, inspection support system

CVSS3: 5.5

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score: 6.9
Confidence: Low

EPSS: 0.001
Percentile: 34.3%

“Electronic Delivery Check System” and “Electronic delivery item Inspection Support System” provided by the Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restrict XML external entity references (XXE) (CWE-611).

Impact

Processing a specially crafted XML file may lead to exposure of internal files on the system.

Solution

Update the Software
Update the software to the latest version according to the information provided by the developer.

Products Affected

  • Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier
  • Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier
  • Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier
  • Electronic delivery item Inspection Support System Ver.4.0.31 and earlier
