Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 | Third Party Advisory US Government Resource |
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 06:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 - Third Party Advisory, US Government Resource |
Information
Published : 2021-07-09 11:15
Updated : 2024-11-21 06:08
NVD link : CVE-2021-32972
Mitre link : CVE-2021-32972
CVE.ORG link : CVE-2021-32972
JSON object : View
Products Affected
panasonic
- fpwin_pro
CWE
CWE-611
Improper Restriction of XML External Entity Reference