CVE-2023-3892

Severity CVSS v4.0: Pending analysis
Type: CWE-611 Improper Restriction of XML External Entity Reference ('XXE')
Publication date: 19/09/2023
Last modified: 22/09/2023

Description

Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup.

In order to take advantage of this vulnerability, an attacker must craft a malicious XML document, embed this document into specific 3rd party private RTst metadata tags, transfer the now compromised DICOM object to MIM, and force MIM to archive and load the data.

Users on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+).

This issue was found and analyzed by MIM Software's internal security team. We are unaware of any proof of concept or actual exploit available in the wild.

For more information, visit https://www.mimsoftware.com/cve-2023-3892

This issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.
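The weakness class named above (CWE-611, plus the related internal-entity "blowup") comes down to one thing: an XML parser that honours DTD entity declarations while processing data that arrived from outside the trust boundary, here inside private RTst metadata tags. The following is an added example, not MIM Software's code, showing how a loader can parse such embedded XML defensively with Python's standard-library expat parser: any entity declaration (internal or external) aborts the parse before it can be expanded, external entity references are refused, and total character data is capped so a malformed but DTD-free document cannot exhaust memory. The RTst-like sample documents are constructed for the example; the element names are illustrative and are not MIM's actual tag layout.

```python
import xml.parsers.expat


class UnsafeXmlError(ValueError):
    """Raised when the document uses a feature we refuse to process."""


def parse_untrusted_xml(data: bytes, max_text_bytes: int = 1_000_000) -> list:
    """Parse XML from an untrusted source, rejecting all DTD entity machinery.

    Returns the list of element names seen, in document order.
    Raises UnsafeXmlError on entity declarations, external entity
    references, oversized character data, or malformed XML.
    """
    elements = []
    text_bytes = 0
    parser = xml.parsers.expat.ParserCreate()

    def reject_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Called for every <!ENTITY ...> in the internal subset. Raising here
        # stops parsing before any reference to the entity can be expanded,
        # which neutralises both XXE (SYSTEM/PUBLIC) and nested-entity blowup.
        raise UnsafeXmlError(f"entity declaration rejected: {name!r}")

    def reject_external_ref(context, base, system_id, public_id):
        # Defence in depth: returning 0 makes expat abort the parse instead
        # of fetching the referenced resource.
        return 0

    def on_start(name, attrs):
        elements.append(name)

    def on_chardata(text):
        nonlocal text_bytes
        text_bytes += len(text.encode("utf-8"))
        if text_bytes > max_text_bytes:
            raise UnsafeXmlError("character data exceeds configured limit")

    parser.EntityDeclHandler = reject_entity_decl
    parser.ExternalEntityRefHandler = reject_external_ref
    parser.StartElementHandler = on_start
    parser.CharacterDataHandler = on_chardata

    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise UnsafeXmlError(f"malformed XML: {exc}") from exc
    return elements


def classify(data: bytes) -> dict:
    """Wrap the parser so a loader can log accept/reject decisions."""
    try:
        return {"status": "accepted", "elements": parse_untrusted_xml(data)}
    except UnsafeXmlError as exc:
        return {"status": "rejected", "reason": str(exc)}


# Constructed samples standing in for XML embedded in private RTst tags.
BENIGN = b'<?xml version="1.0"?><rtstruct><roi name="PTV"/><roi name="OAR"/></rtstruct>'

# Nested internal entities: each level multiplies the expanded size tenfold.
ENTITY_BLOWUP = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE r [\n'
    b' <!ENTITY a "aaaaaaaaaa">\n'
    b' <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">\n'
    b' <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">\n'
    b']>\n'
    b'<rtstruct><roi name="&c;"/></rtstruct>'
)

# External entity pointing at a placeholder resource on the loading host.
EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE r [ <!ENTITY ext SYSTEM "file:///PLACEHOLDER/local-file"> ]>\n'
    b'<rtstruct><roi name="&ext;"/></rtstruct>'
)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("blowup", ENTITY_BLOWUP), ("xxe", EXTERNAL_ENTITY)):
        print(label, classify(doc))
```

The key design choice is to reject at declaration time rather than trying to bound expansion after the fact: a document that legitimately describes RT structure-set metadata has no need for a DTD at all, so the presence of any `<!ENTITY>` is itself the signal to stop and log. Parsers in other languages expose the equivalent knobs (for example disabling DTD processing or external entity resolution in the factory), and the same allow-nothing posture applies.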

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mimsoftware:assistant:7.2.10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mimsoftware:assistant:7.3.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mimsoftware:client:7.2.10:*:*:*:*:*:*:* | | |
| cpe:2.3:a:mimsoftware:client:7.3.3:*:*:*:*:*:*:* | | |


References to Advisories, Solutions, and Tools