CVE-2023-32635

Summary

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.

Affected Software

VendorProductVersion RangeStatus
Financial Services AgencyXBRL data create applicationversion 7.0 and earlieraffected

Weaknesses

  • XML external entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References