Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMIMCVELIST:CVE-2023-3892
HistorySep 19, 2023 - 2:54 p.m.

CVE-2023-3892 Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE

2023-09-1914:54:12
CWE-611
MIM
www.cve.org
unsafe
xml parsing
xxe
mim assistant
mim client
dicom
vulnerability
mim software
security issue

5.6 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup.

In order to take advantage of this vulnerability, an attacker must
craft a malicious XML document, embed this document into specific 3rd
party private RTst metadata tags, transfer the now compromised
DICOM object to MIM, and force MIM to archive and load the data.

Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+).

This issue was found and analyzed by MIM Software’s internal security team.  We are unaware of any proof of concept or actual exploit available in the wild.

For more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892

This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "DICOM RTst Loading"
    ],
    "product": "MIM Assistant",
    "vendor": "MIM Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.10"
      },
      {
        "status": "affected",
        "version": "7.3.3"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "modules": [
      "DICOM RTst Loading"
    ],
    "product": "MIM Client",
    "vendor": "MIM Software",
    "versions": [
      {
        "status": "affected",
        "version": "7.2.10"
      },
      {
        "status": "affected",
        "version": "7.3.3"
      }
    ]
  }
]

Related

nvd 1
cve 1
prion 1
nvd
nvd
CVE-2023-3892
2023-09-19 15:15:52
cve
cve
CVE-2023-3892
2023-09-19 15:15:52
prion
prion
Xxe
2023-09-19 15:15:00

5.6 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for CVELIST:CVE-2023-3892
nvd1cve1prion1