Description
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Mitigation
The vulnerability is in the XSSFExportToXml util; avoid usage of this tool to mitigate the vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | poi | Out of support scope | ||
| Red Hat Decision Manager 7 | poi | Fix deferred | ||
| Red Hat JBoss BRMS 5 | poi | Out of support scope | ||
| Red Hat JBoss Data Virtualization 6 | poi | Out of support scope | ||
| Red Hat JBoss Fuse 6 | poi | Out of support scope | ||
| Red Hat JBoss Fuse Service Works 6 | poi | Out of support scope | ||
| Red Hat Process Automation 7 | poi | Fix deferred | ||
| Red Hat Fuse 7.10 | poi | Fixed | RHSA-2021:5134 | 14.12.2021 |
Additional information
Status:
EPSS
5 Medium
CVSS3
Related vulnerabilities
Improper Restriction of XML External Entity Reference in Apache POI
Vulnerability in the XSSFExportToXml tool of Apache POI, a Java library for reading and writing MS Office documents, allowing an attacker to gain unauthorized read access to files