CVE-2023-22377

2023-02-1501:15:10

CWE-611

[email protected]

web.nvd.nist.gov

xml external entity

vulnerability

tsclinical define.xml generator

tsclinical metadata desktop tools

arbitrary file obtaintment

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

49.7%

JSON

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

Affected configurations

Nvd

Node

fujitsutsclinical_define.xml_generatorRange1.0.0–1.4.0

fujitsutsclinical_metadata_desktop_toolsRange1.0.3–1.1.1

VendorProductVersionCPE
fujitsutsclinical_define.xml_generator*cpe:2.3:a:fujitsu:tsclinical_define.xml_generator:*:*:*:*:*:*:*:*
fujitsutsclinical_metadata_desktop_tools*cpe:2.3:a:fujitsu:tsclinical_metadata_desktop_tools:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fujitsu	tsclinical_define.xml_generator	*	cpe:2.3:a:fujitsu:tsclinical_define.xml_generator::::::::
fujitsu	tsclinical_metadata_desktop_tools	*	cpe:2.3:a:fujitsu:tsclinical_metadata_desktop_tools::::::::