CVE-2024-21796
MEDIUM WAF: High
CVSS 5.5
Published: 2024-01-24
CWE-611
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dfeg | electronic_deliverables_creation_support_tool | up to 1.0.4 |
References
- jvn.jp (Third Party Advisory)
- www.dfeg.mod.go.jp (Product)