All the vulnerabilites related to Ministry of Land, Infrastructure, Transport and Tourism, Japan - Electronic Delivery Check System (Kikai)
cve-2024-21765
Vulnerability from cvelistv5
Published
2024-01-24 01:32
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.cals-ed.go.jp/checksys-release-20231130/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ysk.nilim.go.jp/cals/"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN77736613/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Electronic Delivery Check System (Doboku)",
"vendor": "Ministry of Land, Infrastructure, Transport and Tourism, Japan",
"versions": [
{
"status": "affected",
"version": "Ver.18.1.0 and earlier"
}
]
},
{
"product": "Electronic Delivery Check System (Dentsu)",
"vendor": "Ministry of Land, Infrastructure, Transport and Tourism, Japan",
"versions": [
{
"status": "affected",
"version": "Ver.12.1.0 and earlier"
}
]
},
{
"product": "Electronic Delivery Check System (Kikai)",
"vendor": "Ministry of Land, Infrastructure, Transport and Tourism, Japan",
"versions": [
{
"status": "affected",
"version": "Ver.10.1.0 and earlier"
}
]
},
{
"product": "Electronic delivery item Inspection Support System",
"vendor": "Ministry of Land, Infrastructure, Transport and Tourism, Japan",
"versions": [
{
"status": "affected",
"version": "Ver.4.0.31 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T01:32:42.611Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "http://www.cals-ed.go.jp/checksys-release-20231130/"
},
{
"url": "https://www.ysk.nilim.go.jp/cals/"
},
{
"url": "https://jvn.jp/en/jp/JVN77736613/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-21765",
"datePublished": "2024-01-24T01:32:42.611Z",
"dateReserved": "2024-01-12T07:58:24.236Z",
"dateUpdated": "2024-08-01T22:27:36.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}