Vulnerabilities > CVE-2023-46802 - XXE vulnerability in NTA E-Tax 1.17.1

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

nta

CWE-611

NVD

Published: 2023-11-06

Updated: 2023-11-14

Summary

e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Vulnerable Configurations

Part	Description	Count
Application	Nta NTA E TAX 1.17.1	1

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://www.e-tax.nta.go.jp/topics/topics_20231102.htm
https://jvn.jp/en/jp/JVN14762986/