CVE-2024-9044

A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS.

CVSS

No CVSS.

References

Link	Resource
https://www.ag.ch/de/verwaltung/dfr/steuern/natuerliche-personen/steuererklaerung-easytax

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se ha identificado una vulnerabilidad de entidad externa XML (XXE) en Easy Tax Client Software 2023 1.2 y versiones anteriores en múltiples plataformas, incluidas Windows, Linux y macOS.

29 Nov 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-29 08:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-9044

Mitre link : CVE-2024-9044

CVE.ORG link : CVE-2024-9044

JSON object : View

Products Affected

No product.

CWE

CWE-611

Improper Restriction of XML External Entity Reference

CWE-827

Improper Control of Document Type Definition

{"id": "CVE-2024-9044", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:L/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-29T08:15:05.297", "references": [{"url": "https://www.ag.ch/de/verwaltung/dfr/steuern/natuerliche-personen/steuererklaerung-easytax", "source": "vulnerability@ncsc.ch"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "vulnerability@ncsc.ch", "description": [{"lang": "en", "value": "CWE-611"}, {"lang": "en", "value": "CWE-827"}]}], "descriptions": [{"lang": "en", "value": "A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad de entidad externa XML (XXE) en Easy Tax Client Software 2023 1.2 y versiones anteriores en m\u00faltiples plataformas, incluidas Windows, Linux y macOS."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "vulnerability@ncsc.ch"}