CVE-2019-12415
published 2019-10-23
medium 5.5 CVSS 3.1
AV:L AC:L PR:L UI:N S:U C:H I:N A:N
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Affected
65 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | poi | <= 4.1.0 | — |
| debian | libapache-poi-java | — | — |
| oracle | application_testing_suite | — | — |
| oracle | application_testing_suite | — | — |
| oracle | application_testing_suite | — | — |
| oracle | application_testing_suite | — | — |
| oracle | banking_enterprise_originations | — | — |
| oracle | banking_enterprise_originations | — | — |
| oracle | banking_enterprise_product_manufacturing | — | — |
| oracle | banking_enterprise_product_manufacturing | — | — |
| oracle | banking_payments | — | — |
| oracle | banking_payments | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | banking_platform | — | — |
| oracle | big_data_discovery | — | — |
| oracle | communications_diameter_signaling_router_idih | — | — |
| oracle | endeca_information_discovery_studio | — | — |
| oracle | enterprise_manager_base_platform | — | — |
CVSS provenance
nvd: v3.1, 5.5 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv: 5.5 MEDIUM