In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Apr 2022, 13:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c@%3Cuser.tika.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007@%3Cuser.tika.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E - Mailing List, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory | |
First Time |
Oracle retail Predictive Application Server
Oracle flexcube Private Banking Oracle jdeveloper Oracle webcenter Portal Oracle financial Services Analytical Applications Infrastructure Oracle Oracle enterprise Manager Base Platform Oracle hyperion Infrastructure Technology Oracle banking Enterprise Originations Oracle endeca Information Discovery Studio Oracle retail Clearance Optimization Engine Oracle banking Payments Oracle financial Services Market Risk Measurement And Management Oracle primavera Gateway Oracle insurance Rules Palette Oracle banking Enterprise Product Manufacturing Oracle peoplesoft Enterprise Peopletools Oracle banking Platform Oracle webcenter Sites Oracle retail Order Broker Oracle instantis Enterprisetrack Oracle communications Diameter Signaling Router Idih\ Oracle primavera Unifier Oracle application Testing Suite Oracle insurance Policy Administration J2ee Oracle big Data Discovery Oracle enterprise Repository |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-10-23 20:15
Updated : 2023-12-10 13:13
NVD link : CVE-2019-12415
Mitre link : CVE-2019-12415
CVE.ORG link : CVE-2019-12415
JSON object : View
Products Affected
oracle
- jdeveloper
- flexcube_private_banking
- retail_clearance_optimization_engine
- hyperion_infrastructure_technology
- communications_diameter_signaling_router_idih\
- enterprise_manager_base_platform
- banking_platform
- instantis_enterprisetrack
- financial_services_market_risk_measurement_and_management
- banking_enterprise_originations
- primavera_gateway
- insurance_rules_palette
- enterprise_repository
- retail_predictive_application_server
- financial_services_analytical_applications_infrastructure
- banking_payments
- retail_order_broker
- endeca_information_discovery_studio
- webcenter_portal
- primavera_unifier
- insurance_policy_administration_j2ee
- peoplesoft_enterprise_peopletools
- application_testing_suite
- webcenter_sites
- big_data_discovery
- banking_enterprise_product_manufacturing
apache
- poi
CWE
CWE-611
Improper Restriction of XML External Entity Reference