CVE-2024-9044

Summary

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.

Affected Software

VendorProductVersion RangeStatus
msg Suisse AGEasyTax2023 <= 1.2affected
msg Suisse AGEasyTax2022 <= 1.3affected
msg Suisse AGEasyTax<= 2021 <= *affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
  • CWE-827: CWE-827 Improper Control of Document Type Definition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References