Versio.io

CVE-2019-12415

Common vulnerabilities & exposures (CVE)

Published at: 23-10-2019 10:15
Last modified: 08-04-2022 03:30
Total changes: 7

Description

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Base score: 5.5
Exploitability score: 1.8
Impact score: 3.6

Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
 

Verification logic

OR
OR
vendor=apache AND product=poi AND versionEndIncluding=4.1.0
OR
vendor=oracle AND product=application_testing_suite AND version=12.5.0.3
vendor=oracle AND product=application_testing_suite AND version=13.1.0.1
vendor=oracle AND product=application_testing_suite AND version=13.2.0.1
vendor=oracle AND product=application_testing_suite AND version=13.3.0.1
vendor=oracle AND product=banking_enterprise_originations AND version=2.7.0
vendor=oracle AND product=banking_enterprise_originations AND version=2.8.0
vendor=oracle AND product=banking_enterprise_product_manufacturing AND version=2.7.0
vendor=oracle AND product=banking_enterprise_product_manufacturing AND version=2.8.0
vendor=oracle AND product=banking_payments AND version=14.0.0
vendor=oracle AND product=banking_payments AND version=14.1.0
vendor=oracle AND product=banking_platform AND version=2.4.0
vendor=oracle AND product=banking_platform AND version=2.4.1
vendor=oracle AND product=banking_platform AND version=2.5.0
vendor=oracle AND product=banking_platform AND version=2.6.0
vendor=oracle AND product=banking_platform AND version=2.6.1
vendor=oracle AND product=banking_platform AND version=2.6.2
vendor=oracle AND product=banking_platform AND version=2.7.0
vendor=oracle AND product=banking_platform AND version=2.7.1
vendor=oracle AND product=banking_platform AND version=2.9.0
vendor=oracle AND product=big_data_discovery AND version=1.6
vendor=oracle AND product= AND version=8.0.0
vendor=oracle AND product= AND version=8.2.2
vendor=oracle AND product=endeca_information_discovery_studio AND version=3.2.0
vendor=oracle AND product=enterprise_manager_base_platform AND version=12.1.0.5
vendor=oracle AND product=enterprise_manager_base_platform AND version=13.3.0.0
vendor=oracle AND product=enterprise_manager_base_platform AND version=13.4.0.0
vendor=oracle AND product=enterprise_repository AND version=12.1.3.0.0
vendor=oracle AND product=financial_services_analytical_applications_infrastructure AND versionEndIncluding=8.0.9 AND versionStartIncluding=8.0.6
vendor=oracle AND product=financial_services_market_risk_measurement_and_management AND version=8.0.6
vendor=oracle AND product=financial_services_market_risk_measurement_and_management AND version=8.0.8
vendor=oracle AND product=flexcube_private_banking AND version=12.0.0
vendor=oracle AND product=flexcube_private_banking AND version=12.1.0
vendor=oracle AND product=hyperion_infrastructure_technology AND version=11.1.2.4
vendor=oracle AND product=instantis_enterprisetrack AND version=17.1
vendor=oracle AND product=instantis_enterprisetrack AND version=17.2
vendor=oracle AND product=instantis_enterprisetrack AND version=17.3
vendor=oracle AND product=insurance_policy_administration_j2ee AND version=11.0.2
vendor=oracle AND product=insurance_policy_administration_j2ee AND version=11.1.0
vendor=oracle AND product=insurance_policy_administration_j2ee AND version=11.2.0
vendor=oracle AND product=insurance_rules_palette AND version=10.2.0
vendor=oracle AND product=insurance_rules_palette AND version=10.2.4
vendor=oracle AND product=insurance_rules_palette AND version=11.0.2
vendor=oracle AND product=insurance_rules_palette AND version=11.1.0
vendor=oracle AND product=insurance_rules_palette AND version=11.2.0
vendor=oracle AND product=jdeveloper AND version=12.2.1.4.0
vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.57
vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.58
vendor=oracle AND product=peoplesoft_enterprise_peopletools AND version=8.59
vendor=oracle AND product=primavera_gateway AND version=17.12.6
vendor=oracle AND product=primavera_gateway AND version=18.8.8.1
vendor=oracle AND product=primavera_unifier AND version=16.1
vendor=oracle AND product=primavera_unifier AND version=16.2
vendor=oracle AND product=primavera_unifier AND versionEndIncluding=17.12 AND versionStartIncluding=17.7
vendor=oracle AND product=primavera_unifier AND version=18.8
vendor=oracle AND product=primavera_unifier AND version=19.12
vendor=oracle AND product=retail_clearance_optimization_engine AND version=14.0
vendor=oracle AND product=retail_order_broker AND version=15.0
vendor=oracle AND product=retail_order_broker AND version=16.0
vendor=oracle AND product=retail_predictive_application_server AND version=15.0.3
vendor=oracle AND product=retail_predictive_application_server AND version=16.0.3
vendor=oracle AND product=webcenter_portal AND version=12.2.1.3.0
vendor=oracle AND product=webcenter_portal AND version=12.2.1.4.0
vendor=oracle AND product=webcenter_sites AND version=12.2.1.3.0
vendor=oracle AND product=webcenter_sites AND version=12.2.1.4.0
 


Keywords

NVD, CVE-2019-12415, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures

 
