CVE-2023-42132

Summary

FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Affected Software

VendorProductVersion RangeStatus
Ministry of Health, Labour and WelfareFD ApplicationApr. 2022 Edition (Version 9.01) and earlieraffected

Weaknesses

  • XML external entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References