CVE-2019-12415

Опубликовано: 23 окт. 2019

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*

Версия до 4.1.0 (включая)

Конфигурация 2

Одно из

cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.2.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*

Версия от 8.0.6 (включая) до 8.0.9 (включая)

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

Версия от 17.7 (включая) до 17.12 (включая)

cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00022

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2019-12415

CVSS3: 5.5

ubuntu

больше 6 лет назад

CVE-2019-12415

CVSS3: 5

redhat

почти 6 лет назад

CVE-2019-12415

CVSS3: 5.5

debian

больше 6 лет назад

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...

GHSA-9jwc-q6j3-8g9g

CVSS3: 5.5

github

больше 3 лет назад

Improper Restriction of XML External Entity Reference in Apache POI

BDU:2020-00970

CVSS3: 5.5

fstec

больше 6 лет назад

Уязвимость набора инструментов XSSFExportToXml Java-библиотеки для чтения и записи документов MS Office Apache POI, позволяющая нарушителю получить несанкционированный доступ на чтение файлов

EPSS

Процентиль: 5%

0.00022

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-611