CVE-2023-22377

Published: Feb 15, 2023Modified: Mar 19, 2025

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

Affected (2)

Products: Fujitsu: Tsclinical Define.xml Generator, Tsclinical Metadata Desktop Tools

2 products

Tsclinical Define.xml Generator

Tsclinical Metadata Desktop Tools

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fujitsu Tsclinical Define.xml Generator	From 1.0.0 to 1.4.0
Fujitsu Tsclinical Metadata Desktop Tools	From 1.0.3 to 1.1.1

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (4)

https://github.com/tsClinical/tsc-desktop/security/advisories

Source: vultures@jpcert.or.jp

Third Party Advisory

https://jvn.jp/en/jp/JVN00712821/

Source: vultures@jpcert.or.jp

Third Party Advisory

https://github.com/tsClinical/tsc-desktop/security/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://jvn.jp/en/jp/JVN00712821/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.