CVE-2024-21796

Summary

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Affected Software

VendorProductVersion RangeStatus
Ministry of DefenseElectronic Deliverables Creation Support Tool (Construction Edition)prior to Ver1.0.4affected
Ministry of DefenseElectronic Deliverables Creation Support Tool (Design & Survey Edition)prior to Ver1.0.4affected

Weaknesses

  • XML external entities (XXE)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References