Skip to content

Improper Restriction of XML External Entity Reference...

High severity Unreviewed Published Sep 19, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup.

In order to take advantage of this vulnerability, an attacker must
craft a malicious XML document, embed this document into specific 3rd
party private RTst metadata tags, transfer the now compromised
DICOM object to MIM, and force MIM to archive and load the data.

Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+).

This issue was found and analyzed by MIM Software's internal security team.  We are unaware of any proof of concept or actual exploit available in the wild.

For more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892

This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.

References

Published by the National Vulnerability Database Sep 19, 2023
Published to the GitHub Advisory Database Sep 19, 2023
Last updated Apr 4, 2024

Severity

High

EPSS score

0.043%
(10th percentile)

Weaknesses

CVE ID

CVE-2023-3892

GHSA ID

GHSA-r5mr-q22m-29hf

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.