PT-2022-17794 · Microsoft · Exchange Server +1

🗓️ 04 Mar 2022 00:00:00Reported by Positive TechnologiesType

ptsecurity🔗 dbugs.ptsecurity.com👁 1 Views

poi-scratchpad HMEF package allows crafted TNEF files to trigger out of memory error in versions 5.2.0 and earlier.

Reporter	Title	Published	Views	Family All 34
IBM Security Bulletins	Security Bulletin: Apache POI is vulnerable to a denial of service, caused by an out of memory exception flaw in the HMEF package(CVE-2022-26336)	7 Feb 202313:51	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Decision Optimization for Cloud Pak for Data is vulnerable to a denial of service (CVE-2022-26336)	20 Jun 202408:44	–	ibm
IBM Security Bulletins	Security Bulletin: A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception, which affects IBM watsonx.data	29 Aug 202514:38	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in Apache poi-scratchpad shipped with IBM Tivoli Netcool Impact (CVE-2022-26336)	4 Jul 202219:16	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities	27 Mar 202516:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache POI	27 Apr 202214:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.0 has addressed security vulnerabilities	29 Nov 202322:26	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities	20 Jun 202415:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Asset Management is vulnerable to Apache poi-ooxml-3.9-20121203 in BIRT (CVE-2016-5000, CVE-2017-12626, CVE-2017-5644, CVE-2019-12415, CVE-2022-26336)	16 May 202511:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operations Analytics - Log Analysis is affected by potential data integrity and denial of service due to Apache POI	6 Apr 202614:33	–	ibm

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2022-26336
osv	www.osv.dev/vulnerability/GHSA-mqvp-7rrg-9jxc
ubuntu	www.ubuntu.com/security/CVE-2022-26336
lists	www.lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j
osv	www.osv.dev/vulnerability/UBUNTU-CVE-2022-26336
osv	www.osv.dev/vulnerability/CVE-2022-26336
cve	www.cve.org/CVERecord
t	www.t.me/cibsecurity/38428
t	www.t.me/cvenotify/27764
security	www.security.netapp.com/advisory/ntap-20221028-0006

07 Dec 2022 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.15.5

CVSS 24.3

EPSS0.00049