CVE-2023-22377

EPSS 0.09%
Veröffentlicht 15.02.2023 01:15:10
Zuletzt bearbeitet 19.03.2025 18:15:19
Quelle vultures@jpcert.or.jp
Teams Watchlist Login
Unerledigt Login

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fujitsu ≫ Tsclinical Define.Xml Generator Version >= 1.0.0 <= 1.4.0

Fujitsu ≫ Tsclinical Metadata Desktop Tools Version >= 1.0.3 < 1.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://github.com/tsClinical/tsc-desktop/security/advisories

Third Party Advisory

https://jvn.jp/en/jp/JVN00712821/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22377

EUVD