Описание
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Ссылки
- Third Party Advisory
- Product
- Third Party Advisory
- Product
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.4 (исключая)Версия до 1.0.4 (исключая)
Одно из
cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:construction:*:*
cpe:2.3:a:dfeg:electronic_deliverables_creation_support_tool:*:*:*:*:*:design_\&_survey:*:*
EPSS
Процентиль: 5%
0.00021
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
около 2 лет назад
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
EPSS
Процентиль: 5%
0.00021
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611