Search
Find a vulnerability
Search criteria
4 vulnerabilities by Ministry of Agriculture, Forestry and Fisheries
CVE-2024-22380 (GCVE-0-2024-22380)
Vulnerability from nvd – Published: 2024-01-24 01:32 – Updated: 2025-06-05 16:09
VLAI
EPSS
VEX
Summary
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- XML external entities (XXE)
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ministry of Agriculture, Forestry and Fisheries | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition |
Affected:
Ver.14.0.001.002 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN01434915/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T15:39:03.677309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T16:09:34.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition",
"vendor": "Ministry of Agriculture, Forestry and Fisheries",
"versions": [
{
"status": "affected",
"version": "Ver.14.0.001.002 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T01:32:47.520Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html"
},
{
"url": "https://jvn.jp/en/jp/JVN01434915/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22380",
"datePublished": "2024-01-24T01:32:47.520Z",
"dateReserved": "2024-01-12T07:58:22.276Z",
"dateUpdated": "2025-06-05T16:09:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22380 (GCVE-0-2024-22380)
Vulnerability from cvelistv5 – Published: 2024-01-24 01:32 – Updated: 2025-06-05 16:09
VLAI
EPSS
VEX
Summary
Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- XML external entities (XXE)
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ministry of Agriculture, Forestry and Fisheries | Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition |
Affected:
Ver.14.0.001.002 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN01434915/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-22380",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-24T15:39:03.677309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T16:09:34.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition",
"vendor": "Ministry of Agriculture, Forestry and Fisheries",
"versions": [
{
"status": "affected",
"version": "Ver.14.0.001.002 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XML external entities (XXE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-24T01:32:47.520Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html"
},
{
"url": "https://jvn.jp/en/jp/JVN01434915/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-22380",
"datePublished": "2024-01-24T01:32:47.520Z",
"dateReserved": "2024-01-12T07:58:22.276Z",
"dateUpdated": "2025-06-05T16:09:34.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2024-000010
Vulnerability from jvndb - Published: 2024-01-23 15:25 - Updated:2024-03-14 17:33
Severity
Summary
Improper restriction of XML external entity references (XXE) in "Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)"
Details
"Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references (XXE) (CWE-611).
Iwakawa Kento and Toyama Taku of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000010.html",
"dc:date": "2024-03-14T17:33+09:00",
"dcterms:issued": "2024-01-23T15:25+09:00",
"dcterms:modified": "2024-03-14T17:33+09:00",
"description": "\"Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)\" provided by Ministry of Agriculture, Forestry and Fisheries improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nIwakawa Kento and Toyama Taku of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000010.html",
"sec:cpe": {
"#text": "cpe:/a:maff:electronic_delivery_check_system",
"@product": "Electronic Delivery Check System",
"@vendor": "Ministry of Agriculture, Forestry and Fisheries",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "1.2",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000010",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN01434915/index.html",
"@id": "JVN#01434915",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-22380",
"@id": "CVE-2024-22380",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-22380",
"@id": "CVE-2024-22380",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper restriction of XML external entity references (XXE) in \"Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version)\""
}
JVNDB-2017-000126
Vulnerability from jvndb - Published: 2017-06-09 15:48 - Updated:2018-02-14 14:00
Severity
Summary
Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries
Details
Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.
Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000126.html",
"dc:date": "2018-02-14T14:00+09:00",
"dcterms:issued": "2017-06-09T15:48+09:00",
"dcterms:modified": "2018-02-14T14:00+09:00",
"description": "Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nEili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000126.html",
"sec:cpe": {
"#text": "cpe:/a:maff:electronic_delivery_check_system",
"@product": "Electronic Delivery Check System",
"@vendor": "Ministry of Agriculture, Forestry and Fisheries",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000126",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65154137/index.html",
"@id": "JVN#65154137",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2188",
"@id": "CVE-2017-2188",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2188",
"@id": "CVE-2017-2188",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Denshinouhin Check System (for Ministry of Agriculture, Forestry and Fisheries Nouson Seibi Jigyou) may insecurely load Dynamic Link Libraries"
}