Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for e-Tax Software by National Tax Agency JAPAN

    JVNDB-2024-000103

    Vulnerability from jvndb - Published: 2024-09-24 16:12 - Updated:2024-09-24 16:12
    Severity
    Summary
    The installer of e-Tax software(common program) vulnerable to privilege escalation
    Details
    The installer of e-Tax software(common program) provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry (CWE-268). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000103.html",
      "dc:date": "2024-09-24T16:12+09:00",
      "dcterms:issued": "2024-09-24T16:12+09:00",
      "dcterms:modified": "2024-09-24T16:12+09:00",
      "description": "The installer of e-Tax software(common program) provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry (CWE-268).\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000103.html",
      "sec:cpe": {
        "#text": "cpe:/a:nta:e-tax",
        "@product": "e-Tax Software",
        "@vendor": "National Tax Agency JAPAN",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "7.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000103",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN57749899/index.html",
          "@id": "JVN#57749899",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47045",
          "@id": "CVE-2024-47045",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of e-Tax software(common program) vulnerable to privilege escalation"
    }

    JVNDB-2023-000110

    Vulnerability from jvndb - Published: 2023-11-02 13:38 - Updated:2024-05-01 18:41
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in e-Tax software
    Details
    e-Tax software provided by National Tax Agency improperly restricts XML external entity references (XXE) (CWE-611) due to the configuration of the embedded XML parser. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000110.html",
      "dc:date": "2024-05-01T18:41+09:00",
      "dcterms:issued": "2023-11-02T13:38+09:00",
      "dcterms:modified": "2024-05-01T18:41+09:00",
      "description": "e-Tax software provided by National Tax Agency improperly restricts XML external entity references (XXE) (CWE-611) due to the configuration of the embedded XML parser.\r\n\r\nToyama Taku of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000110.html",
      "sec:cpe": {
        "#text": "cpe:/a:nta:e-tax",
        "@product": "e-Tax Software",
        "@vendor": "National Tax Agency JAPAN",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000110",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN14762986/index.html",
          "@id": "JVN#14762986",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46802",
          "@id": "CVE-2023-46802",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46802",
          "@id": "CVE-2023-46802",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in e-Tax software"
    }

    JVNDB-2017-000145

    Vulnerability from jvndb - Published: 2017-06-28 16:40 - Updated:2018-02-07 13:40
    Severity
    Summary
    Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
    Details
    Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000145.html",
      "dc:date": "2018-02-07T13:40+09:00",
      "dcterms:issued": "2017-06-28T16:40+09:00",
      "dcterms:modified": "2018-02-07T13:40+09:00",
      "description": "Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nBlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000145.html",
      "sec:cpe": {
        "#text": "cpe:/a:nta:e-tax",
        "@product": "e-Tax Software",
        "@vendor": "National Tax Agency JAPAN",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000145",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN79451345/index.html",
          "@id": "JVN#79451345",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2226",
          "@id": "CVE-2017-2226",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2226",
          "@id": "CVE-2017-2226",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2016-000207

    Vulnerability from jvndb - Published: 2016-10-19 12:29 - Updated:2018-01-17 11:48
    Severity
    Summary
    The installer of e-Tax Software may insecurely load Dynamic Link Libraries
    Details
    The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000207.html",
      "dc:date": "2018-01-17T11:48+09:00",
      "dcterms:issued": "2016-10-19T12:29+09:00",
      "dcterms:modified": "2018-01-17T11:48+09:00",
      "description": "The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000207.html",
      "sec:cpe": {
        "#text": "cpe:/a:nta:e-tax",
        "@product": "e-Tax Software",
        "@vendor": "National Tax Agency JAPAN",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000207",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN63012325/index.html",
          "@id": "JVN#63012325",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4901",
          "@id": "CVE-2016-4901",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4901",
          "@id": "CVE-2016-4901",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of e-Tax Software may insecurely load Dynamic Link Libraries"
    }