Sakaki Ryutaro

**Name of the Vulnerable Software and Affected Versions** FD Application versions 9.01 and earlier **Description** The issue improperly restricts XML external entity references (XXE), allowing an attacker to read arbitrary files on the system by processing a specially crafted XML file. **Recommendations** For FD Application versions 9.01 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Applicant Programme versions 7.06 and earlier **Description** The issue is related to the improper restriction of XML external entity references (XXE) in the Applicant Programme. This allows an attacker to read arbitrary files on the system by processing a specially crafted XML file. **Recommendations** For versions 7.06 and earlier, consider disabling XML external entity references until a patch is available. Restrict access to sensitive files and directories to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tsClinical Define.xml Generator versions 1.0.0 through 1.4.0 tsClinical Metadata Desktop Tools versions 1.0.3 through 1.1.0 **Description** An improper restriction of XML external entity reference (XXE) issue exists, allowing an attacker to obtain an arbitrary file by reading a specially crafted XML file if the vulnerability is exploited. **Recommendations** For tsClinical Define.xml Generator versions 1.0.0 through 1.4.0, update to a version that addresses the XXE vulnerability. For tsClinical Metadata Desktop Tools versions 1.0.3 through 1.1.0, update to a version that addresses the XXE vulnerability. As a temporary workaround, consider restricting the use of XML external entities in the affected software until a patch is available.