In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
21 Nov 2024, 04:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E - | |
References | () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E - | |
References | () https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | () https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory |
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2019-10-23 20:15
Updated : 2024-11-21 04:22
NVD link : CVE-2019-12415
Mitre link : CVE-2019-12415
CVE.ORG link : CVE-2019-12415
JSON object : View
Products Affected
oracle
- financial_services_analytical_applications_infrastructure
- enterprise_repository
- flexcube_private_banking
- primavera_gateway
- peoplesoft_enterprise_peopletools
- banking_platform
- primavera_unifier
- jdeveloper
- endeca_information_discovery_studio
- banking_payments
- communications_diameter_signaling_router_idih\
- application_testing_suite
- retail_order_broker
- banking_enterprise_product_manufacturing
- retail_clearance_optimization_engine
- enterprise_manager_base_platform
- financial_services_market_risk_measurement_and_management
- instantis_enterprisetrack
- insurance_policy_administration_j2ee
- banking_enterprise_originations
- insurance_rules_palette
- big_data_discovery
- webcenter_sites
- retail_predictive_application_server
- webcenter_portal
- hyperion_infrastructure_technology
apache
- poi
CWE
CWE-611
Improper Restriction of XML External Entity Reference