CVE-2023-27527

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:touki-kyoutaku-online:shinseiyo_sogo_soft:*:*:*:*:*:*:*:*

History

16 May 2023, 20:33

Type Values Removed Values Added
References (MISC) https://jvn.jp/en/jp/JVN73178249/ - (MISC) https://jvn.jp/en/jp/JVN73178249/ - Third Party Advisory
References (MISC) https://www.touki-kyoutaku-online.moj.go.jp/ - (MISC) https://www.touki-kyoutaku-online.moj.go.jp/ - Product
First Time Touki-kyoutaku-online
Touki-kyoutaku-online shinseiyo Sogo Soft
CWE CWE-611
CPE cpe:2.3:a:touki-kyoutaku-online:shinseiyo_sogo_soft:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

10 May 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-05-10 06:15

Updated : 2023-12-10 15:01


NVD link : CVE-2023-27527

Mitre link : CVE-2023-27527

CVE.ORG link : CVE-2023-27527


JSON object : View

Products Affected

touki-kyoutaku-online

  • shinseiyo_sogo_soft
CWE
CWE-611

Improper Restriction of XML External Entity Reference