CVE-2024-9044
4.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:N/SA:L
Summary
A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| msg Suisse AG | EasyTax | 2023 <= 1.2 | affected |
| msg Suisse AG | EasyTax | 2022 <= 1.3 | affected |
| msg Suisse AG | EasyTax | <= 2021 <= * | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
- CWE-827: CWE-827 Improper Control of Document Type Definition
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.