CVE-2021-32972

Panasonic FPWIN Pro, all Versions 7.5.1.1 and prior, allows an attacker to craft a project file specifying a URI that causes the XML parser to access the URI and embed the contents, which may allow the attacker to disclose information that is accessible in the context of the user executing software.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 Third Party Advisory US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:panasonic:fpwin_pro:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:08

Type Values Removed Values Added
References () https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-21-180-03 - Third Party Advisory, US Government Resource

Information

Published : 2021-07-09 11:15

Updated : 2024-11-21 06:08


NVD link : CVE-2021-32972

Mitre link : CVE-2021-32972

CVE.ORG link : CVE-2021-32972


JSON object : View

Products Affected

panasonic

  • fpwin_pro
CWE
CWE-611

Improper Restriction of XML External Entity Reference