Vulnerability ID: JVN#44726469

Vulnerability type: Improper restriction of XML external entity references (XXE) in XBRL data create application

Affected products: XBRL data create application, versions 7.0 and earlier

Description: The XBRL data create application does not properly restrict XML external entity references (XXE), classified as CWE-611.

Impact: An attacker can read arbitrary files on the system by processing a specially crafted XBRL file.

Solution: Update the software to the latest version.

Vendor status: Financial Services Agency, EDINET Submit Site (Text in Japanese)

CVSS score:
- CVSS v3: Base Score: 2.5
- CVSS v2: Base Score: 1.2

Comment: The analysis prioritizes "Confidentiality(C)" for internal file access, with "Integrity(I)" and "Availability(A)" as secondary impacts.

Credit: Taku Toyama of NEC Corporation reported this vulnerability to IPA.

Other information: Includes JPCERT Alert, JPCERT Reports, CERT Advisory, CPNI Advisory, TRnotes, CVE-2023-32635, JVNDB-2023-000072.