PT-2024-19376 · Ministry Of Agriculture · Electronic Delivery Check System
Iwakawa Kento
+1
·
Published
2024-01-23
·
Updated
2025-06-05
·
CVE-2024-22380
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) versions 14.0.001.002 and earlier
Description
The issue is related to the improper restriction of XML external entity references (XXE) in the Electronic Delivery Check System. This allows an attacker to read arbitrary files on the system by processing a specially crafted XML file.
Recommendations
For versions 14.0.001.002 and earlier, consider disabling the XML processing functionality until a patch is available to prevent exploitation of the XXE issue. Restrict access to sensitive files and directories to minimize the risk of arbitrary file reading.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Electronic Delivery Check System