Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE
CVE-2023-3892

7.4 HIGH

Key Information:

Vendor
CVE Published: 19 September 2023

What is CVE-2023-3892?

An improper restriction of XML External Entity Reference (XXE) vulnerability in the DICOM RTst loading modules of MIM Assistant and MIM Client allows attackers to exploit XML entity linking. By crafting a malicious XML document and embedding it in private RTst metadata tags, an attacker can deliver a compromised DICOM object to MIM; the embedded XML is parsed when the object is loaded, leading to arbitrary data manipulation. Users are advised to update to version 7.2.11 or 7.3.4 or later to mitigate this issue. As of now, there are no known exploits in the wild related to this vulnerability.
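As an added example (not MIM's code), this is the defensive pattern for the bug class above: a parser for XML recovered from a private RTst tag that refuses any DOCTYPE and any external entity reference instead of expanding it. It assumes the private tag's raw value has already been extracted as bytes by a DICOM library; the element names (RTStructMetadata, Label, Site) are constructed for the example.

```python
import xml.parsers.expat as expat


class UnsafeXmlError(ValueError):
    """Raised when XML from a private tag tries to use a DTD or external entity."""


def parse_private_tag_xml(payload: bytes) -> dict:
    """Parse a flat XML document recovered from a private RTst tag.

    XXE only works if the parser honours a DOCTYPE (internal or external
    subset) or follows an external entity reference, so both are refused
    outright rather than silently expanded.
    """
    parser = expat.ParserCreate()
    # Never fetch parameter entities (external DTD subsets) from anywhere.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE '{name}' not allowed in private tag XML")

    def reject_external_entity(context, base, sysid, pubid):
        raise UnsafeXmlError(f"external entity '{sysid}' refused")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = reject_external_entity

    fields: dict = {}
    depth = 0
    text: list = []

    def start(name, attrs):
        nonlocal depth
        depth += 1
        text.clear()

    def chars(data):
        text.append(data)  # expat may deliver one text node in several chunks

    def end(name):
        nonlocal depth
        if depth == 2:  # direct children of the root carry the metadata fields
            fields[name] = "".join(text).strip()
        depth -= 1

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(payload, True)  # handler exceptions propagate out of Parse()
    return fields


def safe_to_load(payload: bytes) -> bool:
    """True only if the private tag XML parsed without any DTD or entity tricks."""
    try:
        parse_private_tag_xml(payload)
        return True
    except (UnsafeXmlError, expat.ExpatError):
        return False
```

A loader that receives False from safe_to_load should drop the object and log the tag, not fall back to a more permissive parser.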

Affected Version(s)

MIM Assistant 7.2.10

MIM Assistant 7.3.3

MIM Client 7.2.10

References

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

MIM Software