Vulnerabilities > CVE-2024-21765 - XXE vulnerability in Cals-Ed products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

cals-ed

CWE-611

NVD

Published: 2024-01-24

Updated: 2024-01-30

Summary

Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Vulnerable Configurations

Part	Description	Count
Application	Cals-Ed Cals ED Electronic Delivery Item Inspection Support System - Cals ED Electronic Delivery Item Inspection Support System 4.0.31 Cals ED Electronic Delivery Check System - Cals ED Electronic Delivery Check System 10.1.0 Cals ED Electronic Delivery Check System 12.1.0 Cals ED Electronic Delivery Check System 18.1.0	8

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References