Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN01434915/ | Third Party Advisory |
https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html | Release Notes |
Configurations
History
30 Jan 2024, 22:14
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-611 | |
References | () https://jvn.jp/en/jp/JVN01434915/ - Third Party Advisory | |
References | () https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Maff electronic Delivery Check System
Maff |
|
CPE | cpe:2.3:a:maff:electronic_delivery_check_system:*:*:*:*:heisei_31_era:*:*:* |
24 Jan 2024, 13:49
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
24 Jan 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-24 02:15
Updated : 2024-01-30 22:14
NVD link : CVE-2024-22380
Mitre link : CVE-2024-22380
CVE.ORG link : CVE-2024-22380
JSON object : View
Products Affected
maff
- electronic_delivery_check_system
CWE
CWE-611
Improper Restriction of XML External Entity Reference