Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
Vulnerability Description
Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+). This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild. For more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892 This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
MIM Software 代码问题漏洞
Vulnerability Description
MIM Software是美国MIM Software公司的一款远程访问应用程序。致力于帮助客户提供尽可能好的患者护理。 MIM 7.2.10版本和7.3.3版本存在安全漏洞,该漏洞源于对 XML 外部实体引用限制不当。
CVSS Information
N/A
Vulnerability Type
N/A