Vulnerabilities > CVE-2023-32635 - XXE vulnerability in Edinet-Fsa Xbrl Data Create 7.0

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
low complexity
edinet-fsa
CWE-611

Summary

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.

Vulnerable Configurations

Part Description Count
Application
Edinet-Fsa
2