CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.3%
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Vendor | Product | Version | CPE |
---|---|---|---|
cals-ed | electronic_delivery_check_system | * | cpe:2.3:a:cals-ed:electronic_delivery_check_system:*:*:*:*:mechanical:*:*:* |
cals-ed | electronic_delivery_check_system | * | cpe:2.3:a:cals-ed:electronic_delivery_check_system:*:*:*:*:dentsu:*:*:* |
cals-ed | electronic_delivery_check_system | * | cpe:2.3:a:cals-ed:electronic_delivery_check_system:*:*:*:*:doboku:*:*:* |
cals-ed | electronic_delivery_item_inspection_support_system | * | cpe:2.3:a:cals-ed:electronic_delivery_item_inspection_support_system:*:*:*:*:*:*:*:* |
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.3%