Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jpcert
Published: 2024-01-24T01:32:53.509Z
Updated: 2024-09-10T18:01:34.579Z
Reserved: 2024-01-12T07:58:23.177Z
Link: CVE-2024-21796
Vulnrichment
Updated: 2024-08-01T22:27:36.335Z
NVD
Status : Modified
Published: 2024-01-24T02:15:07.180
Modified: 2024-11-21T08:55:01.280
Link: CVE-2024-21796
Redhat
No data.