17 matches found
Security Bulletin:IBM Storage Protect Server is affected by a vulnerability in the Apache POI library that could lead to denial-of-service when processing specially crafted archive files (CVE-2019-12415).
Summary IBM Storage Protect Server uses the Apache POI library in certain components; this library is vulnerable to processing specially crafted archive files that may cause excessive memory allocation, potentially leading to a denial-of-service condition. Vulnerability Details CVEID:CVE-2019-124...
CVE-2019-12415
creationtimestamp| type| source ---|---|--- 2024-01-27 08:11:19+00:00| seen| https://t.me/ctinow/174673...
Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow
Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)
Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to XML Enternal Entity error due to Apache POI (CVE-2019-12415)
Summary IBM Sterling B2B Integrator has addressed the XXE security vulnerability in Apache POI Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by...
Security Bulletin: Apache POI up to 4.1.0 allows an attacker while converting user-provided document to XML
Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker. Vulnerability Details CVEID:CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive...
Security Bulletin: A security vulnerability has been identified in Apache POI shipped with IBM Tivoli Netcool Impact (CVE-2019-12415)
Summary Apache POI is shipped with IBM Tivoli Netcool Impact. Information about a security vulnerability affecting Apache POI has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive informatio...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), ai.stainless:grails-tika (=0.1.0) +5788 more potentially affected by CVE-2019-12415 via org.apache.poi:poi (>=3.0-FINAL <=4.1.0)
org.apache.poi:poi MAVEN version =3.0-FINAL, =1.3, =1.10.2, =1.13.0, =1.2.0, =1.0.1, =0.0.1, =0.0.1, =0.0.8 and more Source cves: CVE-2019-12415 Source advisory: OSV:GHSA-9JWC-Q6J3-8G9G...
Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)
Summary Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by tool...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache POI
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Apache POI. Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML da...
Security Bulletin: Security vulnerability is identified in Apache POI server where Rational Asset Manager is deployed (CVE-2019-12415)
Summary The Apache POI that is bundled along with Rational Asset Manager has a potential security vulnerability, which could be exploited by a remote attacker to obtain sensitive information. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability...
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing. Mitigation The...
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...
CVE-2019-12415
CVE-2019-12415 affects Apache POI up to version 4.1.0. The vulnerability arises when using the tool XSSFExportToXml to convert user-supplied Excel documents, allowing an attacker to read local filesystem or internal network resources via XML External Entity (XXE) processing. The Connected documen...
CVE-2019-12415
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...
Apache POI CVE-2019-12415 XML External Entity Information Disclosure Vulnerability
Description Apache POI is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Apache POI version 4.1.0 and prior are vulnerable. Technologies Affected Apache POI 0.1 Apache POI 0.10.0 Apache...