CVE-2023-27527

Summary

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.

Affected Software

VendorProductVersion RangeStatus
The Ministry of JusticeShinseiyo Sogo Soft(7.9A) and earlieraffected

Weaknesses

  • Improper restriction of XML external entity reference (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References