CVE-2024-21796 Information

Description

Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file arbitrary files on the system may be read by an attacker.

Reference

https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html https://jvn.jp/en/jp/JVN40049211/