CVE-2023-42132

MEDIUM

FD Application < 9.01 - XML External Entity Injection

Title source: llm

Description

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/jp/JVN39596244/

Product

https://web.fd-shinsei.mhlw.go.jp/download/software/index.html

Scores

CVSS v3 5.5

EPSS 0.0019

EPSS Percentile 9.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

mhlw/fd_application < 9.01

Published Oct 02, 2023

Tracked Since Feb 18, 2026