All the vulnerabilites related to National Tax Agency JAPAN - e-Tax Software
jvndb-2024-000103
Vulnerability from jvndb
Published
2024-09-24 16:12
Modified
2024-09-24 16:12
Severity ?
Summary
The installer of e-Tax software(common program) vulnerable to privilege escalation
Details
The installer of e-Tax software(common program) provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry (CWE-268). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000103.html",
  "dc:date": "2024-09-24T16:12+09:00",
  "dcterms:issued": "2024-09-24T16:12+09:00",
  "dcterms:modified": "2024-09-24T16:12+09:00",
  "description": "The installer of e-Tax software(common program) provided by National Tax Agency contains a vulnerability which allows uploading a malicious DLL to be executed with higher privileges than that of an general user by altering registry (CWE-268).\r\n\r\nTakashi Yoshikawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000103.html",
  "sec:cpe": {
    "#text": "cpe:/a:nta:e-tax",
    "@product": "e-Tax Software",
    "@vendor": "National Tax Agency JAPAN",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "7.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2024-000103",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN57749899/index.html",
      "@id": "JVN#57749899",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2024-47045",
      "@id": "CVE-2024-47045",
      "@source": "CVE"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installer of e-Tax software(common program) vulnerable to privilege escalation"
}

jvndb-2023-000110
Vulnerability from jvndb
Published
2023-11-02 13:38
Modified
2024-05-01 18:41
Severity ?
Summary
Improper restriction of XML external entity references (XXE) in e-Tax software
Details
e-Tax software provided by National Tax Agency improperly restricts XML external entity references (XXE) (CWE-611) due to the configuration of the embedded XML parser. Toyama Taku of NEC Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000110.html",
  "dc:date": "2024-05-01T18:41+09:00",
  "dcterms:issued": "2023-11-02T13:38+09:00",
  "dcterms:modified": "2024-05-01T18:41+09:00",
  "description": "e-Tax software provided by National Tax Agency improperly restricts XML external entity references (XXE) (CWE-611) due to the configuration of the embedded XML parser.\r\n\r\nToyama Taku of NEC Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000110.html",
  "sec:cpe": {
    "#text": "cpe:/a:nta:e-tax",
    "@product": "e-Tax Software",
    "@vendor": "National Tax Agency JAPAN",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "1.2",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:L/AC:H/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "2.5",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2023-000110",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN14762986/index.html",
      "@id": "JVN#14762986",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-46802",
      "@id": "CVE-2023-46802",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-46802",
      "@id": "CVE-2023-46802",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Improper restriction of XML external entity references (XXE) in e-Tax software"
}

jvndb-2017-000145
Vulnerability from jvndb
Published
2017-06-28 16:40
Modified
2018-02-07 13:40
Severity ?
Summary
Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries
Details
Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. BlackWingCat of Pink Flying Whale reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000145.html",
  "dc:date": "2018-02-07T13:40+09:00",
  "dcterms:issued": "2017-06-28T16:40+09:00",
  "dcterms:modified": "2018-02-07T13:40+09:00",
  "description": "Installer of Setup file of advance preparation for e-Tax software (WEB version) provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nBlackWingCat of Pink Flying Whale reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000145.html",
  "sec:cpe": {
    "#text": "cpe:/a:nta:e-tax",
    "@product": "e-Tax Software",
    "@vendor": "National Tax Agency JAPAN",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000145",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN79451345/index.html",
      "@id": "JVN#79451345",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2226",
      "@id": "CVE-2017-2226",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2226",
      "@id": "CVE-2017-2226",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Installer of Setup file of advance preparation for e-Tax software (WEB version) may insecurely load Dynamic Link Libraries"
}

jvndb-2016-000207
Vulnerability from jvndb
Published
2016-10-19 12:29
Modified
2018-01-17 11:48
Severity ?
Summary
The installer of e-Tax Software may insecurely load Dynamic Link Libraries
Details
The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000207.html",
  "dc:date": "2018-01-17T11:48+09:00",
  "dcterms:issued": "2016-10-19T12:29+09:00",
  "dcterms:modified": "2018-01-17T11:48+09:00",
  "description": "The installer of e-Tax Software provided by National Tax Agency contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.\r\n\r\nYuji Tounai of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000207.html",
  "sec:cpe": {
    "#text": "cpe:/a:nta:e-tax",
    "@product": "e-Tax Software",
    "@vendor": "National Tax Agency JAPAN",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000207",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN63012325/index.html",
      "@id": "JVN#63012325",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4901",
      "@id": "CVE-2016-4901",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4901",
      "@id": "CVE-2016-4901",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "The installer of e-Tax Software may insecurely load Dynamic Link Libraries"
}