CVE-2014-3529

🗓️ 04 Sep 2014 17:00:00Reported by redhatType

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue

Reporter	Title	Published	Views	Family All 48
IBM Security Bulletins	Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins	10 May 201914:29	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)	5 Sep 202312:52	–	ibm
IBM Security Bulletins	Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar	8 May 202308:37	–	ibm
IBM Security Bulletins	Security Bulletins for Emptoris Program Management	8 Dec 201816:15	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSource Apache Poi Vulnerabilities in IBM eDiscovery Manager	17 Jun 201812:17	–	ibm
IBM Security Bulletins	Security Bulletins for Emptoris Contract Management	8 Dec 201816:15	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Apache POI affect Asset and Service Management	22 Sep 202203:02	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Cognos affect IBM Control Center (CVE-2012-0213, CVE-2014-3574, CVE-2014-3529, CVE-2014-9527)	17 Dec 201922:47	–	ibm
IBM Security Bulletins	Security Bulletins for Emptoris Services Procurement	8 Dec 201816:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities	16 Jun 201820:07	–	ibm

NVD

Node

apache poiRange≤3.10

apache poiMatch0.1

apache poiMatch0.2

apache poiMatch0.3

apache poiMatch0.4

apache poiMatch0.5

apache poiMatch0.6

apache poiMatch0.7

apache poiMatch0.10.0

apache poiMatch0.11.0

apache poiMatch0.12.0

apache poiMatch0.13.0

apache poiMatch0.14.0

apache poiMatch1.0.0

apache poiMatch1.0.1

apache poiMatch1.0.2

apache poiMatch1.1.0

apache poiMatch1.2.0

apache poiMatch1.5

apache poiMatch1.5.1

apache poiMatch1.7dev

apache poiMatch1.8dev

apache poiMatch1.10dev

apache poiMatch2.0

apache poiMatch2.0pre1

apache poiMatch2.0pre2

apache poiMatch2.0pre3

apache poiMatch2.0rc1

apache poiMatch2.0rc2

apache poiMatch2.5

apache poiMatch2.5.1

apache poiMatch3.0

apache poiMatch3.0alpha1

apache poiMatch3.0alpha2

apache poiMatch3.0alpha3

apache poiMatch3.0.1

apache poiMatch3.0.2

apache poiMatch3.0.2beta1

apache poiMatch3.0.2beta2

apache poiMatch3.1

apache poiMatch3.1beta1

apache poiMatch3.1beta2

apache poiMatch3.2

apache poiMatch3.5

apache poiMatch3.5beta1

apache poiMatch3.5beta2

apache poiMatch3.5beta3

apache poiMatch3.5beta4

apache poiMatch3.5beta5

apache poiMatch3.5beta6

apache poiMatch3.6

apache poiMatch3.7

apache poiMatch3.7beta1

apache poiMatch3.7beta2

apache poiMatch3.7beta3

apache poiMatch3.8

apache poiMatch3.8beta1

apache poiMatch3.8beta2

apache poiMatch3.8beta3

apache poiMatch3.8beta4

apache poiMatch3.8beta5

apache poiMatch3.9

apache poiMatch3.10beta1

apache poiMatch3.10beta2

Source	Link
securityfocus	www.securityfocus.com/bid/69647
rhn	www.rhn.redhat.com/errata/RHSA-2014-1400.html
rhn	www.rhn.redhat.com/errata/RHSA-2014-1398.html
secunia	www.secunia.com/advisories/61766
apache	www.apache.org/dist/poi/release/RELEASE-NOTES.txt
securityfocus	www.securityfocus.com/bid/78018
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/95770
secunia	www.secunia.com/advisories/60419
rhn	www.rhn.redhat.com/errata/RHSA-2014-1370.html
secunia	www.secunia.com/advisories/59943

06 May 2026 22:30Current

7.1High risk

Vulners AI Score7.1

CVSS 24.3

EPSS0.05228