CVE-2024-9044 MEDIUM

CVE-2024-9044: XML External Entity (XXE) Vulnerability in EasyTax

Vendor Msg Suisse Ag
Product EasyTax
Weakness CWE-611 · XXE
Published November 29, 2024
Last update November 29, 2024

CVSS base score

4.6/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:N/SA:L

What the vulnerability does

01Description

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.

Key dates

02Disclosure timeline

November 29, 2024 CVE published
November 29, 2024 Record updated