CVE-2024-21796

Published: Jan 24, 2024

Modified: Sep 10, 2024

PUBLISHED

Description

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Vendor	Product	Versions
Ministry of Defense	Electronic Deliverables Creation Support Tool (Construction Edition)	affected `prior to Ver1.0.4`
Ministry of Defense	Electronic Deliverables Creation Support Tool (Design & Survey Edition)	affected `prior to Ver1.0.4`

References

https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html

https://jvn.jp/en/jp/JVN40049211/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-21796

Description

Affected Products

References