CVE-2024-22380

MEDIUM

Electronic Delivery Check System - XXE

Title source: llm

Description

Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

References (2)

[Third Party Advisory] https://jvn.jp/en/jp/JVN01434915/

[Release Notes] https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html

Scores

CVSS v3 5.5

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

maff/electronic_delivery_check_system < 14.0.001.002

Published Jan 24, 2024

Tracked Since Feb 18, 2026