In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow a malicious user to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Vulnerable Product |
---|
apache poi |
oracle application testing suite 12.5.0.3 |
oracle application testing suite 13.1.0.1 |
oracle application testing suite 13.2.0.1 |
oracle application testing suite 13.3.0.1 |
oracle banking enterprise originations 2.7.0 |
oracle banking enterprise originations 2.8.0 |
oracle banking enterprise product manufacturing 2.7.0 |
oracle banking enterprise product manufacturing 2.8.0 |
oracle banking payments 14.0.0 |
oracle banking payments 14.1.0 |
oracle banking platform 2.4.0 |
oracle banking platform 2.4.1 |
oracle banking platform 2.5.0 |
oracle banking platform 2.6.0 |
oracle banking platform 2.6.1 |
oracle banking platform 2.6.2 |
oracle banking platform 2.7.0 |
oracle banking platform 2.7.1 |
oracle banking platform 2.9.0 |
oracle big data discovery 1.6 |
oracle communications diameter signaling router idih |
oracle endeca information discovery studio 3.2.0 |
oracle enterprise manager base platform 12.1.0.5 |
oracle enterprise manager base platform 13.3.0.0 |
oracle enterprise manager base platform 13.4.0.0 |
oracle enterprise repository 12.1.3.0.0 |
oracle financial services analytical applications infrastructure |
oracle financial services market risk measurement and management 8.0.6 |
oracle financial services market risk measurement and management 8.0.8 |
oracle flexcube private banking 12.0.0 |
oracle flexcube private banking 12.1.0 |
oracle hyperion infrastructure technology 11.1.2.4 |
oracle instantis enterprisetrack 17.1 |
oracle instantis enterprisetrack 17.2 |
oracle instantis enterprisetrack 17.3 |
oracle insurance policy administration j2ee 11.0.2 |
oracle insurance policy administration j2ee 11.1.0 |
oracle insurance policy administration j2ee 11.2.0 |
oracle insurance rules palette 10.2.0 |
oracle insurance rules palette 10.2.4 |
oracle insurance rules palette 11.0.2 |
oracle insurance rules palette 11.1.0 |
oracle insurance rules palette 11.2.0 |
oracle jdeveloper 12.2.1.4.0 |
oracle peoplesoft enterprise peopletools 8.57 |
oracle peoplesoft enterprise peopletools 8.58 |
oracle peoplesoft enterprise peopletools 8.59 |
oracle primavera gateway 17.12.6 |
oracle primavera gateway 18.8.8.1 |
oracle primavera unifier |
oracle primavera unifier 16.1 |
oracle primavera unifier 16.2 |
oracle primavera unifier 18.8 |
oracle primavera unifier 19.12 |
oracle retail clearance optimization engine 14.0 |
oracle retail order broker 15.0 |
oracle retail order broker 16.0 |
oracle retail predictive application server 15.0.3 |
oracle retail predictive application server 16.0.3 |
oracle webcenter portal 12.2.1.3.0 |
oracle webcenter portal 12.2.1.4.0 |
oracle webcenter sites 12.2.1.3.0 |
oracle webcenter sites 12.2.1.4.0 |