PT-2024-19043 · Unknown · Electronic Delivery Item Inspection Support System+1
Iwakawa Kento
+2
·
Published
2024-01-23
·
Updated
2025-12-16
·
CVE-2024-21765
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Electronic Delivery Check System (Doboku) versions 18.1.0 and earlier
Electronic Delivery Check System (Dentsu) versions 12.1.0 and earlier
Electronic Delivery Check System (Kikai) versions 10.1.0 and earlier
Electronic delivery item Inspection Support System versions 4.0.31 and earlier
Description
The affected systems improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, an attacker may be able to read arbitrary files on the system.
Recommendations
For Electronic Delivery Check System (Doboku) versions 18.1.0 and earlier, consider disabling XML external entity references until a patch is available.
For Electronic Delivery Check System (Dentsu) versions 12.1.0 and earlier, consider disabling XML external entity references until a patch is available.
For Electronic Delivery Check System (Kikai) versions 10.1.0 and earlier, consider disabling XML external entity references until a patch is available.
For Electronic delivery item Inspection Support System versions 4.0.31 and earlier, consider disabling XML external entity references until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Electronic Delivery Check System
Electronic Delivery Item Inspection Support System