Описание
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Ссылки
- Third Party Advisory
- Release Notes
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 14.0.001.002 (включая)
cpe:2.3:a:maff:electronic_delivery_check_system:*:*:*:*:heisei_31_era:*:*:*
EPSS
Процентиль: 9%
0.00033
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611
Связанные уязвимости
CVSS3: 5.5
github
около 2 лет назад
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
EPSS
Процентиль: 9%
0.00033
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-611
CWE-611