PT-2023-18470 · Unknown · Tsclinical Metadata Desktop Tools

Sakaki Ryutaro · Published 2023-02-15 · Updated 2025-03-19 · CVE-2023-22377

CVSS v3.1: 7.4 High
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
tsClinical Define.xml Generator versions 1.0.0 through 1.4.0
tsClinical Metadata Desktop Tools versions 1.0.3 through 1.1.0

Description
An improper restriction of XML external entity reference (XXE) issue exists. If exploited through the reading of a specially crafted XML file, it allows an attacker to obtain an arbitrary file.

Recommendations
For tsClinical Define.xml Generator versions 1.0.0 through 1.4.0, update to a version that addresses the XXE vulnerability.
For tsClinical Metadata Desktop Tools versions 1.0.3 through 1.1.0, update to a version that addresses the XXE vulnerability.
As a temporary workaround, consider restricting the use of XML external entities in the affected software until a patch is available.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2023-22377

Affected Products

Tsclinical Define.Xml Generator
Tsclinical Metadata Desktop Tools