Vulnerability Description
Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dfeg | Electronic Deliverables Creation Support Tool | < 1.0.4 |
Related Weaknesses (CWE)
References
- https://jvn.jp/en/jp/JVN40049211/Third Party Advisory
- https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.htmlProduct
- https://jvn.jp/en/jp/JVN40049211/Third Party Advisory
- https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.htmlProduct
FAQ
What is CVE-2024-21796?
CVE-2024-21796 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict...
How severe is CVE-2024-21796?
CVE-2024-21796 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-21796?
Check the references section above for vendor advisories and patch information. Affected products include: Dfeg Electronic Deliverables Creation Support Tool.