CVE-2024-21765

Summary

Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Affected Software

VendorProductVersion RangeStatus
Ministry of Land, Infrastructure, Transport and Tourism, JapanElectronic Delivery Check System (Doboku)Ver.18.1.0 and earlieraffected
Ministry of Land, Infrastructure, Transport and Tourism, JapanElectronic Delivery Check System (Dentsu)Ver.12.1.0 and earlieraffected
Ministry of Land, Infrastructure, Transport and Tourism, JapanElectronic Delivery Check System (Kikai)Ver.10.1.0 and earlieraffected
Ministry of Land, Infrastructure, Transport and Tourism, JapanElectronic delivery item Inspection Support SystemVer.4.0.31 and earlieraffected

Weaknesses

  • XML external entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References