1 results (0.005 seconds)
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2023-3892 – Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
https://notcve.org/view.php?id=CVE-2023-3892
19 Sep 2023 — Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data. Users on either version are strongly encouraged to update to an un... • https://www.mimsoftware.com/cve-2023-3892 • CWE-611: Improper Restriction of XML External Entity Reference •