CVE-2023-46802

Name of the Vulnerable Software and Affected Versions e-Tax software versions 3.0.10 and earlier

Description The issue is related to the improper restriction of XML external entity references (XXE) in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker to read arbitrary files on the system by processing a specially crafted XML file.

Recommendations For e-Tax software versions 3.0.10 and earlier, consider disabling the XML parser or restricting its use until a patch is available to prevent exploitation of the XXE issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.