Security Bulletin: Multiple vulnerabilities affect embedded rules in IBM Business Automation Workflow

Summary Embedded rules in IBM Business Automation Workflow are affected by multiple vulnerabilities. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2018-1000632 DESCRIPTION: dom4j could allow a remote attacker to execute arbitrary code o...

Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)

Summary Multiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...

ae.teletronics.nlp:entityextraction (>=1.3 <=1.4), at.iem:sysson_2.10 (=1.12.0) +1672 more potentially affected by CVE-2017-5644 via org.apache.poi:poi (>=3.0-FINAL <=3.14-beta1)

org.apache.poi:poi MAVEN version =3.0-FINAL, =1.3, =1.10.2, =1.0.1, =1.1.8, =2.23.5, =2.23.5, =19.1.0, =2.23.5, =2.23.5, =20.3.0, =2.23.5, =2.23.5, =20.2.0 and more Source cves: CVE-2017-5644 Source advisory: OSV:GHSA-78VV-QJ73-H9M5...

Security Bulletin: A security vulnerability has been identified in the Apache POI, which is vulnerable to Denial of Service. (CVE-2017-12626, CVE-2017-5644)

Summary The Apache POI has security vulnerability to exploit the application through denial of service. Respective security vulnerabilities are discussed in detail in the subsequent sections. Vulnerability Details IBM Rational Asset Manager bundles Apache POI, which is used to set custom attribut...

Security Bulletin: IBM Tivoli Netcool Impact is affected by an Open Source Apache Poi vulnerability (CVE-2017-5644)

Summary IBM Tivoli Netcool Impact has addressed the following vulnerability Open Source Apache Poi vulnerability CVE-2017-5644. Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when...

Security Bulletin: Apache POI as used in IBM QRadar SIEM is vulnerable to a denial of service. (CVE-2017-5644)

Summary Open Source Apache Poi Vulnerability Vulnerability Details CVEID: CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could...

Security Bulletin: Vulnerability in Apache POI affects IBM Emptoris Services Procurement (CVE-2017-5644)

Summary Open Source Apache Poi vulnerability affects IBM Emptoris Services Procurement Vulnerability Details CVE-ID: CVE-2017-5644 Description: Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection XXE error when processing XML data. By using a specially-craft...

CVE-2017-5644

Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service CPU consumption via a specially crafted OOXML file, aka an XML Entity Expansion XEE attack...

CVE-2017-5644

CVE-2017-5644 affects Apache POI: versions prior to 3.15 are vulnerable to an XML Entity Expansion (XEE) denial of service via a specially crafted OOXML file, causing high CPU usage. Documented impact is a CPU consumption DoS rather than code execution. Public references in the connected material...