CVE-2019-12415
Severity
5.5MEDIUM
EPSS
0.0%
top 93.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 23
Latest updateJan 15
Description
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6
Affected Packages29 packages
🔴Vulnerability Details
4📋Vendor Advisories
13Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: Runtime Engine (Apache POI) — CVE-2019-12415↗2025-01-15
Oracle▶
Oracle Oracle Financial Services Applications Risk Matrix: Infrastructure (Apache POI) — CVE-2019-12415↗2023-04-15
Oracle
▶
Oracle▶
Oracle Oracle Insurance Applications Risk Matrix: Framework Administrator IBFA (Apache POI) — CVE-2019-12415↗2022-10-15
Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: WebCenter Sites (Apache POI) — CVE-2019-12415↗2021-10-15
💬Community
2Bugzilla▶
CVE-2019-12415 apache-poi: poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem [fedora-all]↗2020-02-13
Bugzilla▶
CVE-2019-12415 poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem↗2020-02-13