Search
Find a vulnerability
Search criteria
5 vulnerabilities by Ministry of Land, Infrastructure, Transport and Tourism
JVNDB-2024-000008
Vulnerability from jvndb - Published: 2024-01-23 16:57 - Updated:2024-03-13 17:40
Severity
Summary
Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
Details
"Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references (XXE) (CWE-611).
Toyama Taku, Iwakawa Kento of NEC Corporation, and Manami Kawauchi of NEC Fielding,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000008.html",
"dc:date": "2024-03-13T17:40+09:00",
"dcterms:issued": "2024-01-23T16:57+09:00",
"dcterms:modified": "2024-03-13T17:40+09:00",
"description": "\"Electronic Delivery Check System\" and \"Electronic delivery item Inspection Support System\" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nToyama Taku, Iwakawa Kento of NEC Corporation, and Manami Kawauchi of NEC Fielding,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000008.html",
"sec:cpe": [
{
"#text": "cpe:/a:mlit:electronic_delivery_check_system",
"@product": "Electronic Delivery Check System",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
},
{
"#text": "cpe:/a:mlit:electronic_delivery_item_inspection_support_system",
"@product": "Electronic delivery item Inspection Support System",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "1.2",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2024-000008",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN77736613/index.html",
"@id": "JVN#77736613",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-21765",
"@id": "CVE-2024-21765",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-21765",
"@id": "CVE-2024-21765",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper restriction of XML external entity references (XXE) in MLIT \"Electronic Delivery Check System\" and \"Electronic delivery item Inspection Support System\""
}
JVNDB-2023-000032
Vulnerability from jvndb - Published: 2023-04-04 15:22 - Updated:2024-06-04 15:56
Severity
Summary
Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
Details
National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611).
Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
"dc:date": "2024-06-04T15:56+09:00",
"dcterms:issued": "2023-04-04T15:22+09:00",
"dcterms:modified": "2024-06-04T15:56+09:00",
"description": "National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nTaku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
"sec:cpe": {
"#text": "cpe:/a:mlit:national_land_numerical_information_data_conversion_tool",
"@product": "National land numerical information data conversion tool",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "1.2",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "2.5",
"@severity": "Low",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000032",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75742861/index.html",
"@id": "JVN#75742861",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-25955",
"@id": "CVE-2023-25955",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25955",
"@id": "CVE-2023-25955",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool"
}
JVNDB-2017-000161
Vulnerability from jvndb - Published: 2017-07-04 14:43 - Updated:2018-02-07 12:32
Severity
Summary
Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
Details
Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000161.html",
"dc:date": "2018-02-07T12:32+09:00",
"dcterms:issued": "2017-07-04T14:43+09:00",
"dcterms:modified": "2018-02-07T12:32+09:00",
"description": "Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000161.html",
"sec:cpe": {
"#text": "cpe:/a:mlit:mlit_roadworks_completion_drawing_check_program",
"@product": "Douro Kouji Kanseizutou Check Program",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000161",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN82120115/index.html",
"@id": "JVN#82120115",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2230",
"@id": "CVE-2017-2230",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2230",
"@id": "CVE-2017-2230",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000162
Vulnerability from jvndb - Published: 2017-07-04 14:43 - Updated:2018-02-07 12:32
Severity
Summary
Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
Details
The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000162.html",
"dc:date": "2018-02-07T12:32+09:00",
"dcterms:issued": "2017-07-04T14:43+09:00",
"dcterms:modified": "2018-02-07T12:32+09:00",
"description": "The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000162.html",
"sec:cpe": {
"#text": "cpe:/a:mlit:mlit_road_infrastructure_basic_data_system",
"@product": "Douroshisetu Kihon Data Sakusei System",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000162",
"sec:references": [
{
"#text": "https://jvn.jp/ta/JVNTA91240916/",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN20409270/index.html",
"@id": "JVN#20409270",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2229",
"@id": "CVE-2017-2229",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2229",
"@id": "CVE-2017-2229",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000158
Vulnerability from jvndb - Published: 2017-07-03 14:14 - Updated:2018-02-07 12:20
Severity
Summary
Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
Details
The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000158.html",
"dc:date": "2018-02-07T12:20+09:00",
"dcterms:issued": "2017-07-03T14:14+09:00",
"dcterms:modified": "2018-02-07T12:20+09:00",
"description": "The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000158.html",
"sec:cpe": {
"#text": "cpe:/a:mlit:denshiseikabutsusakuseishienkensa",
"@product": "MLIT DenshiSeikabutsuSakuseiShienKensa system",
"@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000158",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN06337557/index.html",
"@id": "JVN#06337557",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2231",
"@id": "CVE-2017-2231",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2231",
"@id": "CVE-2017-2231",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries"
}