By zerosday cve bot • December 3, 2024
CVE-2023-45727: North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability (Pentest Lab Guide)

CVE-2023-45727: Technical Deep-Dive (Auto Refreshed)
Generated on 2026-03-25T00:20:07.348Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).
Executive Technical Summary
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Technical Details
- CVE: CVE-2023-45727
- KEV date added: 2024-12-03
- KEV due date: 2024-12-24
- NVD published: Unknown
- NVD modified: Unknown
- MITRE modified: 2025-10-21
- CVSS base score: N/A
- CVSS vector: N/A
- CVSS exploitability score: N/A
- CVSS impact score: N/A
- Attack vector: Unknown
- Attack complexity: Unknown
- Privileges required: Unknown
- User interaction: Unknown
- Scope: Unknown
- Confidentiality impact: Unknown
- Integrity impact: Unknown
- Availability impact: Unknown
Versions and Products Impacted
- North Grid Corporation / Proself Enterprise/Standard Edition (versions: Ver5.62 and earlier)
- North Grid Corporation / Proself Gateway Edition (versions: Ver1.65 and earlier)
- North Grid Corporation / Proself Mail Sanitize Edition (versions: Ver1.08 and earlier)
- northgrid / proself (versions: 0)
Weakness Classification
- XML external entities (XXE)
- CWE-611
Repositories for Lab Validation (Public Examples)
- No public repository matched this CVE query in the current run.
People and Organizations Mentioned
- jpcert
- North Grid
- Proself
Practical Defensive Validation (Authorized Only)
- Use only isolated environments and systems you own or are explicitly authorized to test.
- Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
- Inventory North Grid Corporation Proself Enterprise/Standard Edition assets (Ver5.62 and earlier) and confirm exact vulnerable versions with automated checks.
- Patch in staged environments and validate closure with scanners and service health checks.
- Map detections to MITRE ATT&CK tactics relevant to your environment and tune alert quality.
References
- NVD record: https://nvd.nist.gov/vuln/detail/CVE-2023-45727
- MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2023-45727
- CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- KEV notes: https://www.proself.jp/information/153/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-45727
- https://jvn.jp/en/jp/JVN95981460/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-45727
This content is for defensive security training and authorized validation only.
