Search

Find a vulnerability

Search criteria

    1 vulnerability found for National land numerical information data conversion tool by Ministry of Land, Infrastructure, Transport and Tourism

    JVNDB-2023-000032

    Vulnerability from jvndb - Published: 2023-04-04 15:22 - Updated:2024-06-04 15:56
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
    Details
    National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611). Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
      "dc:date": "2024-06-04T15:56+09:00",
      "dcterms:issued": "2023-04-04T15:22+09:00",
      "dcterms:modified": "2024-06-04T15:56+09:00",
      "description": "National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nTaku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
      "sec:cpe": {
        "#text": "cpe:/a:mlit:national_land_numerical_information_data_conversion_tool",
        "@product": "National land numerical information data conversion tool",
        "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000032",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN75742861/index.html",
          "@id": "JVN#75742861",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25955",
          "@id": "CVE-2023-25955",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25955",
          "@id": "CVE-2023-25955",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool"
    }