Lucene search
K

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/29 8:55 p.m.6 views

Security Bulletin: IBM InfoSphere Information Server is affected by an improper input validation vulnerability in Apache POI (CVE-2025-31672)

Summary An improper input validation vulnerability in Apache POI that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xls...

5.3CVSS6.3AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 3:13 p.m.4 views

Security Bulletin: Improper Input Validation in Apache POI OOXML Parsing Allows Ambiguity with Duplicate ZIP Entries (Fixed in poi-ooxml 5.4.0) affects watsonx.data

Summary Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In...

5.3CVSS7.1AI score0.01237EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 5:44 a.m.8 views

Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jarused by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672)

Summary There is a vulnerability in poi-ooxml-5.3.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like...

5.3CVSS6.5AI score0.01237EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2025/04/09 12:30 p.m.7 views

ai.chat2db.excel:easyexcel-plus (=0.0.1), ai.chat2db.excel:easyexcel-plus-core (=0.0.1) +3470 more potentially affected by CVE-2025-31672 via org.apache.poi:poi-ooxml (>=5.0.0 <=5.3.0)

org.apache.poi:poi-ooxml MAVEN version =5.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =0.5.1, =1.1.0 and more Source cves: CVE-2025-31672 Source advisory: SNYK:JAVA-ORGAPACHEPOI-9685010...

5.3CVSS6.6AI score0.01237EPSS
Exploits0
Snyk
Snyk
added 2025/04/09 12:30 p.m.2 views

Improper Input Validation

Overview org.apache.poi:poi-ooxml is a Java API To Access Microsoft Format Files. Affected versions of this package are vulnerable to Improper Input Validation due to the parsing process of OOXML format files. An attacker can manipulate the file content by adding zip entries with duplicate names,...

6.9CVSS6.7AI score0.01237EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/04/09 12:30 p.m.8 views

ai.chat2db.excel:easyexcel-plus (=0.0.1), ai.chat2db.excel:easyexcel-plus-core (=0.0.1) +7055 more potentially affected by CVE-2025-31672 via org.apache.poi:poi-ooxml (>=3.5-FINAL <=5.3.0)

org.apache.poi:poi-ooxml MAVEN version =3.5-FINAL, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =0.5.1, =1.1.0 and more Source cves: CVE-2025-31672 Source advisory: OSV:GHSA-GMG8-593G-7MV3...

5.3CVSS6.6AI score0.01237EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/05/08 8:37 a.m.47 views

Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar

Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...

7.1CVSS7.8AI score0.13258EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/17 1:24 a.m.5 views

org.apache.poi:poi-examples (=3.11-beta1), org.apache.poi:poi-excelant (=3.11-beta1) +2 more potentially affected by CVE-2014-3574 via org.apache.poi:poi (=3.11-beta1)

org.apache.poi:poi MAVEN version =3.11-beta1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.poi:poi and may be impacted: - org.apache.poi:poi-examples =3.11-beta1 - org.apache.poi:poi-excelant =3.11-beta1 - org.apache.poi:poi-ooxml...

4.3CVSS6.4AI score0.07395EPSS
Exploits0
Veracode
Veracode
added 2017/03/22 1:45 a.m.25 views

Denial Of Service (DoS) Via XML External Expansion (XEE)

poi-ooxml is vulnerable to denial of service DoS attacks. The vulnerability exists via an XML Entity Expansion XEE attack when parsing a malicious OOXML file...

7.1CVSS5.5AI score0.04595EPSS
Exploits0References6Affected Software2
Rows per page
Query Builder