exploitDog

CVE-2023-42132

Опубликовано: 02 окт. 2023

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Ссылки

https://jvn.jp/en/jp/JVN39596244/
Third Party Advisory
https://web.fd-shinsei.mhlw.go.jp/download/software/index.html
Product
https://jvn.jp/en/jp/JVN39596244/
Third Party Advisory
https://web.fd-shinsei.mhlw.go.jp/download/software/index.html
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mhlw:fd_application:*:*:*:*:*:*:*:*

Версия до 9.01 (включая)

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-611

Связанные уязвимости

GHSA-63vx-fx7j-2x6p

CVSS3: 5.5

github

больше 2 лет назад

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

EPSS

Процентиль: 8%

0.00028

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-611