Lucene search
K

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 12:53 a.m.5 views

Security Bulletin:IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).

Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...

5.5CVSS7.3AI score0.0099EPSS
Exploits0Affected Software1
Circl
Circl
added 2024/01/27 8:11 a.m.7 views

CVE-2019-12415

creationtimestamp| type| source ---|---|--- 2024-01-27 08:11:19+00:00| seen| https://t.me/ctinow/174673...

5.5CVSS6.8AI score0.0099EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/11 1:32 p.m.40 views

Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow

Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...

9.8CVSS9.3AI score0.3038EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/05 12:52 p.m.84 views

Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)

Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

7.1CVSS8.5AI score0.13258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:37 a.m.46 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...

7.1CVSS7.8AI score0.13258EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/09 7:36 p.m.47 views

Security Bulletin: IBM Sterling B2B Integrator is vulnerable to XML Enternal Entity error due to Apache POI (CVE-2019-12415)

Summary IBM Sterling B2B Integrator has addressed the XXE security vulnerability in Apache POI Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by...

5.5CVSS7.1AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/12/12 1:21 p.m.70 views

Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML

Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker​​. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...

5.5CVSS7.6AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/06 5:31 a.m.32 views

Security Bulletin: A security vulnerability has been identified in Apache POI shipped with IBM Tivoli Netcool Impact (CVE-2019-12415)

Summary Apache POI is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache POI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive informatio...

5.5CVSS0.8AI score0.0099EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/24 4:59 p.m.6 views

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +5788 more potentially affected by CVE-2019-12415 via org.apache.poi:poi (>=3.0-FINAL <=4.1.0)

org.apache.poi:poi MAVEN version =3.0-FINAL, =1.3, =1.10.2, =1.13.0, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2019-12415 Source advisory: OSV:GHSA-9JWC-Q6J3-8G9G...

5.5CVSS6.7AI score0.0099EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/21 12:38 p.m.52 views

Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)

Summary Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by tool...

7.5CVSS1.4AI score0.10248EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/08/29 8:57 a.m.25 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache POI

Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache POI. Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML da...

5.5CVSS1.3AI score0.0099EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/24 12:23 p.m.38 views

Security Bulletin: Security vulnerability is identified in Apache POI server where Rational Asset Manager is deployed (CVE-2019-12415)

Summary The Apache POI that is bundled along with Rational Asset Manager has a potential security vulnerability, which could be exploited by a remote attacker to obtain sensitive information. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability...

5.5CVSS0.6AI score0.0099EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2020/02/13 11:44 a.m.49 views

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing. Mitigation The...

5.5CVSS3.3AI score0.0099EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2019/10/23 8:15 p.m.39 views

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

5.5CVSS6.8AI score0.0099EPSS
Exploits0References3
CVE
CVE
added 2019/10/23 7:27 p.m.344 views

CVE-2019-12415

CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...

5.5CVSS6.7AI score0.0099EPSS
Exploits0References13Affected Software1
Debian CVE
Debian CVE
added 2019/10/23 7:27 p.m.37 views

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

5.5CVSS6.8AI score0.0099EPSS
Exploits0
Symantec
Symantec
added 2019/10/23 12:0 a.m.80 views

Apache POI CVE-2019-12415 XML External Entity Information Disclosure Vulnerability

Description Apache POI is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Apache POI version 4.1.0 and prior are vulnerable. Technologies Affected Apache POI 0.1 Apache POI 0.10.0 Apache...

2.1CVSS1AI score0.0099EPSS
Exploits0References1Affected Software8
Rows per page
Query Builder