Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2024-01-24T01:32:53.509Z

Updated: 2024-09-10T18:01:34.579Z

Reserved: 2024-01-12T07:58:23.177Z

Link: CVE-2024-21796

cve-icon Vulnrichment

Updated: 2024-08-01T22:27:36.335Z

cve-icon NVD

Status : Modified

Published: 2024-01-24T02:15:07.180

Modified: 2024-11-21T08:55:01.280

Link: CVE-2024-21796

cve-icon Redhat

No data.