PT-2024-19063 · Unknown · Electronic Deliverables Creation Support Tool

Toyama Taku · Published 2024-01-23 · Updated 2024-09-10 · CVE-2024-21796

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Electronic Deliverables Creation Support Tool (Construction Edition) versions prior to 1.0.4
Electronic Deliverables Creation Support Tool (Design & Survey Edition) versions prior to 1.0.4

Description

The affected software improperly restricts XML external entity (XXE) references. By processing a specially crafted XML file, an attacker may be able to read arbitrary files on the system.

Recommendations

For Electronic Deliverables Creation Support Tool (Construction Edition) versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue.
For Electronic Deliverables Creation Support Tool (Design & Survey Edition) versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue.
As a temporary workaround, consider restricting the processing of XML files from untrusted sources until a patch is available.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2024-21796

Affected Products

Electronic Deliverables Creation Support Tool