GitHub Advisory DatabaseGHSA-Q56H-JJJ6-52MFImproper Restriction of XML External Entity Reference in Apache POI
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.3%
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.poi:poi | lt | 3.10.1 |
References
poi.apache.org/changes.html
rhn.redhat.com/errata/RHSA-2014-1370.html
rhn.redhat.com/errata/RHSA-2014-1398.html
rhn.redhat.com/errata/RHSA-2014-1399.html
rhn.redhat.com/errata/RHSA-2014-1400.html
www-01.ibm.com/support/docview.wss?uid=swg21996759
www.apache.org/dist/poi/release/RELEASE-NOTES.txt
exchange.xforce.ibmcloud.com/vulnerabilities/95770
github.com/advisories/GHSA-q56h-jjj6-52mf
github.com/apache/poi/commit/103b45073c7b504236588b3acc146530205af53c
github.com/apache/poi/commit/236c3c52a9b90688b2e57ec503559409e29f33ed
github.com/apache/poi/commit/6050a68d5adfb4ffef1edb778add09bcee32d1c3
github.com/apache/poi/commit/d72bd78c19dfb7b57395a66ae8d9269d59a87bd2
github.com/apache/poi/commit/eabb6a924be24abb879372d0bc967e0d316b2cf8
lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
nvd.nist.gov/vuln/detail/CVE-2014-3529
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
52.3%