CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22377

Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.1%

CVSS Severity

CVSS v3 Score 7.4

References

Products affected by CVE-2023-22377

Fujitsu » Tsclinical Define.xml Generator » Version: 1.1.0

cpe:2.3:a:fujitsu:tsclinical_define.xml_generator:1.1.0
Fujitsu » Tsclinical Define.xml Generator » Version: 1.4.0

cpe:2.3:a:fujitsu:tsclinical_define.xml_generator:1.4.0
Fujitsu » Tsclinical Metadata Desktop Tools » Version: 1.0.3

cpe:2.3:a:fujitsu:tsclinical_metadata_desktop_tools:1.0.3
Fujitsu » Tsclinical Metadata Desktop Tools » Version: 1.1.0

cpe:2.3:a:fujitsu:tsclinical_metadata_desktop_tools:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-22377

Products

Pricing

Contact Us