19 matches found
Security Bulletin: Vulnerabilities found in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center [CVE-2017-12626 and X-Force ID: 220800]
Summary Multiple vulnerabilities have been identified in poi-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published which addressed the applicable CVE 2017-1262 and X-Force ID: 2208...
Security Bulletin: The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology contains additional security fixes for X-Force ID 220800 and CVE-2017-12626
Summary Due to flaws in Apache POI, IBM® Engineering System Design Rhapsody is vulnerable to arbitrary code execution X-Force ID 220800 and denial of service CVE-2017-12626. Both vulnerabilities are fixed in v9.0.1 iFix005. Vulnerability Details CVEID:CVE-2017-12626 DESCRIPTION: Apache POI is...
Security Bulletin: Multiple vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology
Summary Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM, Rational...
ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), at.iem:sysson_2.10 (=1.12.0) +2533 more potentially affected by CVE-2017-12626 via org.apache.poi:poi (>=3.0-FINAL <=3.16-beta2)
org.apache.poi:poi MAVEN version =3.0-FINAL, =1.3, =1.10.2, =1.13.0, =1.0.1, =0.0.1, =1.1.8, =2.23.5, =2.23.5, =19.1.0, =2.23.5, =18.12.0 and more Source cves: CVE-2017-12626 Source advisory: OSV:GHSA-523C-XH4G-MH5M...
Security Bulletin: Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure (CVE-2019-12415, CVE-2017-12626)
Summary Apache Poi as used by IBMQRadar SIEM is vulnerable to information disclosure Vulnerability Details CVEID: CVE-2019-12415 DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data by tool...
Security Bulletin: Multiple vulnerabilities in Open Source used in IBM Cloud Pak System
Summary Multiple vulnerabilities identified in Open Source used in IBM Cloud Pak System. IBM Cloud Pak System addressed vulnerabilities. Vulnerability Details CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the corre...
Security Bulletin: A security vulnerability has been identified in the Apache POI, which is vulnerable to Denial of Service. (CVE-2017-12626, CVE-2017-5644)
Summary The Apache POI has security vulnerability to exploit the application through denial of service. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details IBM Rational Asset Manager bundles Apache POI, which is used to set custom attribut...
Security Bulletin: IBM SPSS Statistics is affected by an Apache Poi vulnerability (CVE-2017-12626)
Summary IBM SPSS Statistics has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuadin...
Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...
Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU)
According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.17, 16.x prior to 16.2.10, 17.x prior to 17.12.5, or 18.x prior to 18.8.7. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file re...
Security Bulletin: IBM Cognos Controller 2019Q2 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller
Summary This bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Controller. There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and the IBM® Runtime Environment Java™ Technology Edition, Version 8 that are used by IBM...
Security Bulletin: IBM OpenPages GRC Platform is affected by Apache POI vulnerability (CVE-2017-12626)
Summary IBM OpenPages GRC Platform has addressed Apache POI vulnerability CVE-2017-12626 Vulnerability Details CVEID: CVE-2017-12626 DESCRIPTION: Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and...
Security Bulletin: eDiscovery Manager is affected by public disclosed vulnerability from Apache Poi
Summary Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF, MSG and macros and specially crafted DOC, PPT and XLS. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application...
Security Bulletin: Vulnerability in Apache POI affects IBM Maximo Asset Management (CVE-2017-12626)
Summary Apache POI used by IBM Maximo Asset Management is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU...
Apache POI < 3.17 Multiple DoS Vulnerabilities
The version of Apache POI installed on the remote host is a version prior to 3.17. It is, therefore, affected by multiple DoS vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C...
CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...
CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...
CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...
CVE-2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1 Infinite Loops while parsing crafted WMF, EMF, MSG and macros POI bugs 61338 and 61294, and 2 Out of Memory Exceptions while parsing crafted DOC, PPT and XLS POI bugs 52372 and 61295...