CVE-2023-22377

EPSS 0.09%
Published 15.02.2023 01:15:10
Last modified 19.03.2025 18:15:19
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Fujitsu ≫ Tsclinical Define.Xml Generator Version >= 1.0.0 <= 1.4.0

Fujitsu ≫ Tsclinical Metadata Desktop Tools Version >= 1.0.3 < 1.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.222

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.4	2.2	5.2	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://github.com/tsClinical/tsc-desktop/security/advisories

Third Party Advisory

https://jvn.jp/en/jp/JVN00712821/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-22377

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-22377

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-22377

EUVD