Search

Find a vulnerability

Search criteria

    5 vulnerabilities by Ministry of Land, Infrastructure, Transport and Tourism

    JVNDB-2024-000008

    Vulnerability from jvndb - Published: 2024-01-23 16:57 - Updated:2024-03-13 17:40
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in MLIT "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System"
    Details
    "Electronic Delivery Check System" and "Electronic delivery item Inspection Support System" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references (XXE) (CWE-611). Toyama Taku, Iwakawa Kento of NEC Corporation, and Manami Kawauchi of NEC Fielding,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000008.html",
      "dc:date": "2024-03-13T17:40+09:00",
      "dcterms:issued": "2024-01-23T16:57+09:00",
      "dcterms:modified": "2024-03-13T17:40+09:00",
      "description": "\"Electronic Delivery Check System\" and \"Electronic delivery item Inspection Support System\" provided by Ministry of Land, Infrastructure, Transport and Tourism, Japan improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nToyama Taku, Iwakawa Kento of NEC Corporation, and Manami Kawauchi of NEC Fielding,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000008.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:mlit:electronic_delivery_check_system",
          "@product": "Electronic Delivery Check System",
          "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:mlit:electronic_delivery_item_inspection_support_system",
          "@product": "Electronic delivery item Inspection Support System",
          "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2024-000008",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN77736613/index.html",
          "@id": "JVN#77736613",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-21765",
          "@id": "CVE-2024-21765",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2024-21765",
          "@id": "CVE-2024-21765",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in MLIT \"Electronic Delivery Check System\" and \"Electronic delivery item Inspection Support System\""
    }

    JVNDB-2023-000032

    Vulnerability from jvndb - Published: 2023-04-04 15:22 - Updated:2024-06-04 15:56
    Severity
    Summary
    Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool
    Details
    National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611). Taku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
      "dc:date": "2024-06-04T15:56+09:00",
      "dcterms:issued": "2023-04-04T15:22+09:00",
      "dcterms:modified": "2024-06-04T15:56+09:00",
      "description": "National land numerical information data conversion tool provided by MLIT improperly restricts XML external entity references (XXE) (CWE-611).\r\n\r\nTaku Toyama and Kohei Matsumoto of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000032.html",
      "sec:cpe": {
        "#text": "cpe:/a:mlit:national_land_numerical_information_data_conversion_tool",
        "@product": "National land numerical information data conversion tool",
        "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "1.2",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "2.5",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2023-000032",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN75742861/index.html",
          "@id": "JVN#75742861",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2023-25955",
          "@id": "CVE-2023-25955",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-25955",
          "@id": "CVE-2023-25955",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool"
    }

    JVNDB-2017-000161

    Vulnerability from jvndb - Published: 2017-07-04 14:43 - Updated:2018-02-07 12:32
    Severity
    Summary
    Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries
    Details
    Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000161.html",
      "dc:date": "2018-02-07T12:32+09:00",
      "dcterms:issued": "2017-07-04T14:43+09:00",
      "dcterms:modified": "2018-02-07T12:32+09:00",
      "description": "Installer of Douro Kouji Kanseizutou Check Program provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and BlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000161.html",
      "sec:cpe": {
        "#text": "cpe:/a:mlit:mlit_roadworks_completion_drawing_check_program",
        "@product": "Douro Kouji Kanseizutou Check Program",
        "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000161",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN82120115/index.html",
          "@id": "JVN#82120115",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2230",
          "@id": "CVE-2017-2230",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2230",
          "@id": "CVE-2017-2230",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Douro Kouji Kanseizutou Check Program may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000162

    Vulnerability from jvndb - Published: 2017-07-04 14:43 - Updated:2018-02-07 12:32
    Severity
    Summary
    Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries
    Details
    The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000162.html",
      "dc:date": "2018-02-07T12:32+09:00",
      "dcterms:issued": "2017-07-04T14:43+09:00",
      "dcterms:modified": "2018-02-07T12:32+09:00",
      "description": "The installer of Douroshisetu Kihon Data Sakusei System provided by National Institute for Land and Infrastructure Management contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000162.html",
      "sec:cpe": {
        "#text": "cpe:/a:mlit:mlit_road_infrastructure_basic_data_system",
        "@product": "Douroshisetu Kihon Data Sakusei System",
        "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000162",
      "sec:references": [
        {
          "#text": "https://jvn.jp/ta/JVNTA91240916/",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/jp/JVN20409270/index.html",
          "@id": "JVN#20409270",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2229",
          "@id": "CVE-2017-2229",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2229",
          "@id": "CVE-2017-2229",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Douroshisetu Kihon Data Sakusei System may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000158

    Vulnerability from jvndb - Published: 2017-07-03 14:14 - Updated:2018-02-07 12:20
    Severity
    Summary
    Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries
    Details
    The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000158.html",
      "dc:date": "2018-02-07T12:20+09:00",
      "dcterms:issued": "2017-07-03T14:14+09:00",
      "dcterms:modified": "2018-02-07T12:20+09:00",
      "description": "The installer and the self-extracting archive including the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000158.html",
      "sec:cpe": {
        "#text": "cpe:/a:mlit:denshiseikabutsusakuseishienkensa",
        "@product": "MLIT DenshiSeikabutsuSakuseiShienKensa system",
        "@vendor": "Ministry of Land, Infrastructure, Transport and Tourism",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000158",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN06337557/index.html",
          "@id": "JVN#06337557",
          "@source": "JVN"
        },
        {
          "#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2231",
          "@id": "CVE-2017-2231",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2231",
          "@id": "CVE-2017-2231",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer and self-extracting archive containing the installer of MLIT DenshiSeikabutsuSakuseiShienKensa system may insecurely load Dynamic Link Libraries"
    }