CVE-2024-22380

low-risk
Published 2024-01-24

Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (1)

Electronic Delivery Check System

Affected Vendors

Maff

References (4)

Third Party Advisory https://jvn.jp/en/jp/JVN01434915/
Release Notes https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html
Third Party Advisory https://jvn.jp/en/jp/JVN01434915/
Release Notes https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html
23
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal