Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improp
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support SystemVer.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the…
| Vendor | Product | Versions |
|---|---|---|
| Ministry of Land, Infrastructure, Transport and Tourism, Japan | Electronic Delivery Check System (Doboku) | Ver.18.1.0 and earlier |
| Ministry of Land, Infrastructure, Transport and Tourism, Japan | Electronic Delivery Check System (Dentsu) | Ver.12.1.0 and earlier |
| Ministry of Land, Infrastructure, Transport and Tourism, Japan | Electronic Delivery Check System (Kikai) | Ver.10.1.0 and earlier |
| Ministry of Land, Infrastructure, Transport and Tourism, Japan | Electronic delivery item Inspection Support System | Ver.4.0.31 and earlier |
Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.