Vulnerability Database

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CVSS v3:

  • Severity: Medium
  • Score: 5.5
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 2.1
  • AV:L/AC:L/Au:N/C:P/I:N/A:N

| Software | From | Fixed in |
|---|---|---|
| apache / poi | - | 4.1.0.x |
| oracle / flexcube_private_banking | 12.1.0 | 12.1.0.x |
| oracle / primavera_unifier | 16.2 | 16.2.x |
| oracle / banking_platform | 2.4.0 | 2.4.0.x |
| oracle / enterprise_manager_base_platform | 12.1.0.5 | 12.1.0.5.x |
| oracle / flexcube_private_banking | 12.0.0 | 12.0.0.x |
| oracle / banking_platform | 2.4.1 | 2.4.1.x |
| oracle / enterprise_repository | 12.1.3.0.0 | 12.1.3.0.0.x |
| oracle / banking_platform | 2.5.0 | 2.5.0.x |
| oracle / primavera_unifier | 16.1 | 16.1.x |
| oracle / insurance_rules_palette | 10.2.0 | 10.2.0.x |
| oracle / application_testing_suite | 12.5.0.3 | 12.5.0.3.x |
| oracle / webcenter_portal | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / banking_payments | 14.0.0 | 14.0.0.x |
| oracle / webcenter_sites | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / banking_payments | 14.1.0 | 14.1.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.57 | 8.57.x |
| oracle / application_testing_suite | 13.1.0.1 | 13.1.0.1.x |
| oracle / application_testing_suite | 13.2.0.1 | 13.2.0.1.x |
| oracle / application_testing_suite | 13.3.0.1 | 13.3.0.1.x |
| oracle / retail_order_broker | 15.0 | 15.0.x |
| oracle / retail_order_broker | 16.0 | 16.0.x |
| oracle / banking_platform | 2.6.0 | 2.6.0.x |
| oracle / banking_platform | 2.6.1 | 2.6.1.x |
| oracle / banking_platform | 2.6.2 | 2.6.2.x |
| oracle / primavera_unifier | 18.8 | 18.8.x |
| oracle / retail_predictive_application_server | 15.0.3 | 15.0.3.x |
| oracle / primavera_unifier | 17.7 | 17.12.x |
| oracle / financial_services_market_risk_measurement_and_management | 8.0.6 | 8.0.6.x |
| oracle / endeca_information_discovery_studio | 3.2.0 | 3.2.0.x |
| oracle / instantis_enterprisetrack | 17.1 | 17.1.x |
| oracle / instantis_enterprisetrack | 17.2 | 17.2.x |
| oracle / instantis_enterprisetrack | 17.3 | 17.3.x |
| oracle / enterprise_manager_base_platform | 13.3.0.0 | 13.3.0.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.58 | 8.58.x |
| oracle / primavera_unifier | 19.12 | 19.12.x |
| oracle / webcenter_sites | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / webcenter_portal | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / enterprise_manager_base_platform | 13.4.0.0 | 13.4.0.0.x |
| oracle / hyperion_infrastructure_technology | 11.1.2.4 | 11.1.2.4.x |
| oracle / financial_services_market_risk_measurement_and_management | 8.0.8 | 8.0.8.x |
| oracle / jdeveloper | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / banking_platform | 2.7.0 | 2.7.0.x |
| oracle / banking_platform | 2.7.1 | 2.7.1.x |
| oracle / banking_platform | 2.9.0 | 2.9.0.x |
| oracle / primavera_gateway | 17.12.6 | 17.12.6.x |
| oracle / primavera_gateway | 18.8.8.1 | 18.8.8.1.x |
| oracle / big_data_discovery | 1.6 | 1.6.x |
| oracle / insurance_rules_palette | 10.2.4 | 10.2.4.x |
| oracle / insurance_rules_palette | 11.0.2 | 11.0.2.x |
| oracle / insurance_rules_palette | 11.1.0 | 11.1.0.x |
| oracle / insurance_rules_palette | 11.2.0 | 11.2.0.x |
| oracle / insurance_policy_administration_j2ee | 11.0.2 | 11.0.2.x |
| oracle / insurance_policy_administration_j2ee | 11.1.0 | 11.1.0.x |
| oracle / insurance_policy_administration_j2ee | 11.2.0 | 11.2.0.x |
| oracle / banking_enterprise_originations | 2.8.0 | 2.8.0.x |
| oracle / banking_enterprise_originations | 2.7.0 | 2.7.0.x |
| oracle / banking_enterprise_product_manufacturing | 2.7.0 | 2.7.0.x |
| oracle / banking_enterprise_product_manufacturing | 2.8.0 | 2.8.0.x |
| oracle / peoplesoft_enterprise_peopletools | 8.59 | 8.59.x |
| oracle / financial_services_analytical_applications_infrastructure | 8.0.6 | 8.0.9.x |
| oracle / retail_predictive_application_server | 16.0.3 | 16.0.3.x |
| oracle / communications_diameter_signaling_router_idih- | 8.0.0 | 8.0.0.x |
| oracle / communications_diameter_signaling_router_idih- | 8.2.2 | 8.2.2.x |
| oracle / retail_clearance_optimization_engine | 14.0 | 14.0.x |
| org.apache.poi / poi | - | 4.1.1 |