CVE-2019-12415

Description

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Risk Information

Base Score: 5.5 (MODERATE)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.022

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2019-12415 are fixed in Apache-poi 4.1.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.0 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows
Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.7 | Windows
Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.8 | Windows
Multiple vulnerabilities are affected in Oracle Financial Services Revenue Management and Billing 2.9 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.0 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.11.0.1 | Windows
Multiple Vulnerabilities are affected in IBM Operational Decision Manager 8.12.0.1 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.7 | Windows
Vulnerabilities CVE-2019-12415, CVE-2023-44487 are affected in IBM Operational Decision Manager 9.0.0 | Windows
Vulnerabilities CVE-2019-12415 are fixed in Apache-poi for Linux 4.1.1 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234