6 matches found
Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Overview Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references XXE CWE-611. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Electronic Delivery Check System Security Vulnerability
MAFF Electronic Delivery Check System is an electronic delivery check system from MAFF Japan. A security vulnerability exists in Electronic Delivery Check System Dentsu 18.1.0 and earlier, Dentsu 12.1.0 and earlier, Kikai 10.1.0 and earlier, which stems from the handling of specially crafted XML...
JVN#77736613: Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
"Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references XXE CWE-611. Impact Processing a specially crafted XML file may lead to exposu...
e-Tax Reception System Security Vulnerability
The e-Tax Reception System is an electronic tax management system organized by the National Tax Agency NTA of Japan. A security vulnerability exists in e-Tax Reception System version 3.0.10 and earlier, which stems from an improper restriction of XML External Entity References XXE, where processi...
JVN#14762986: Improper restriction of XML external entity references (XXE) in e-Tax software
e-Tax software provided by National Tax Agency improperly restricts XML external entity references XXE CWE-611 due to the configuration of the embedded XML parser. Impact Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution Update the Software...
CVE-2023-38750
In Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed...