Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file.
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tsclinical_define.xml_generator | Fujitsu | 1.0.0 (including) | 1.4.0 (including) |
| Tsclinical_metadata_desktop_tools | Fujitsu | 1.0.3 (including) | 1.1.1 (excluding) |