Описание
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mlit:national_land_numerical_information_data_conversion_tool:*:*:*:*:*:*:*:*
EPSS
Процентиль: 17%
0.00053
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
почти 3 года назад
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
EPSS
Процентиль: 17%
0.00053
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611