Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to FUJITSU LIMITED - tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

cve-2023-22377

Vulnerability from cvelistv5

Published

2023-02-15 00:00

Modified

2024-08-02 10:07

Severity ?

Summary

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

References

▼	URL	Tags
	https://github.com/tsClinical/tsc-desktop/security/advisories
	https://jvn.jp/en/jp/JVN00712821/

Impacted products

▼	Vendor	Product
	FUJITSU LIMITED	tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tsClinical/tsc-desktop/security/advisories"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN00712821/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools",
          "vendor": "FUJITSU LIMITED",
          "versions": [
            {
              "status": "affected",
              "version": "tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper restriction of XML external entity reference",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-15T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://github.com/tsClinical/tsc-desktop/security/advisories"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN00712821/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-22377",
    "datePublished": "2023-02-15T00:00:00",
    "dateReserved": "2022-12-28T00:00:00",
    "dateUpdated": "2024-08-02T10:07:06.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}