Vulnerability Title
N/A
Vulnerability Description
You are running Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier. This software contains an arbitrary file read vulnerability in its XML parsing functionality.
A specially crafted XML file can be processed to exploit this vulnerability and read any files on the system.
We recommend that you take the following steps immediately:
1. Stop using these affected versions of the software and install a patched version.
2. Change all passwords for the affected accounts.
3. Restrict access to the software to only those who need it.
4. Make sure your system is up-to-date with the latest security patches.
If you have any questions or concerns, please contact us at [YOUR CONTACT INFORMATION]. We will do our best to assist you in addressing this issue.
Thank you for your cooperation.
What is the impact of not patching the vulnerability?
The impact of not patching the arbitrary file read vulnerability in Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier is that an attacker can exploit the vulnerability to read any files on the system.
This could allow the attacker to access sensitive information such as customer data, employee personal information, or even other critical systems. Additionally, the attacker could use this vulnerability to launch a denial-of-service attack by consuming large amounts of system resources and causing the system to become unavailable.
It is important to note that even if you do not store sensitive information on your system, there may still be other systems or networks connected to yours that contain sensitive information. By exploiting this vulnerability, an attacker could potentially gain access to those systems as well.
To minimize the risk of a successful exploit, it is important to apply all available security patches and updates to the affected software immediately. We recommend that you stop using these affected versions of the software and install a patched version.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Restriction of XML External Entity Reference (XXE)
Vulnerability Title
N/A
Vulnerability Description
Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVSS Information
N/A
Vulnerability Type
N/A
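Vulnerability Title
Electronic Delivery Check System Security Vulnerability
Vulnerability Description
MAFF Electronic Delivery Check System is an electronic delivery check system from the Japanese company MAFF. Electronic Delivery Check System (Dentsu) 18.1.0 and earlier, (Dentsu) 12.1.0 and earlier, and (Kikai) 10.1.0 and earlier contain a security vulnerability: processing a specially crafted XML file may expose files internal to the system.
CVSS Information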
N/A
Vulnerability Type
Other