9 matches found
Security Bulletin: IBM InfoSphere Information Server is affected by an improper input validation vulnerability in Apache POI (CVE-2025-31672)
Summary An improper input validation vulnerability in Apache POI that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xls...
Security Bulletin: Improper Input Validation in Apache POI OOXML Parsing Allows Ambiguity with Duplicate ZIP Entries (Fixed in poi-ooxml 5.4.0) affects watsonx.data
Summary Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicate names including the path in the zip. In...
Security Bulletin: There is a vulnerability in poi-ooxml-5.3.0.jarused by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-31672)
Summary There is a vulnerability in poi-ooxml-5.3.0.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-31672 DESCRIPTION: Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like...
ai.chat2db.excel:easyexcel-plus (=0.0.1), ai.chat2db.excel:easyexcel-plus-core (=0.0.1) +3470 more potentially affected by CVE-2025-31672 via org.apache.poi:poi-ooxml (>=5.0.0 <=5.3.0)
org.apache.poi:poi-ooxml MAVEN version =5.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =0.5.1, =1.1.0 and more Source cves: CVE-2025-31672 Source advisory: SNYK:JAVA-ORGAPACHEPOI-9685010...
Improper Input Validation
Overview org.apache.poi:poi-ooxml is a Java API To Access Microsoft Format Files. Affected versions of this package are vulnerable to Improper Input Validation due to the parsing process of OOXML format files. An attacker can manipulate the file content by adding zip entries with duplicate names,...
ai.chat2db.excel:easyexcel-plus (=0.0.1), ai.chat2db.excel:easyexcel-plus-core (=0.0.1) +7055 more potentially affected by CVE-2025-31672 via org.apache.poi:poi-ooxml (>=3.5-FINAL <=5.3.0)
org.apache.poi:poi-ooxml MAVEN version =3.5-FINAL, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.0.0, =0.5.1, =1.1.0 and more Source cves: CVE-2025-31672 Source advisory: OSV:GHSA-GMG8-593G-7MV3...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar
Summary Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities. Vulnerability Details CVEID:CVE-2017-5644 DESCRIPTION: Apache POI is vulnerable to a denial of service, cause by an XML External...
org.apache.poi:poi-examples (=3.11-beta1), org.apache.poi:poi-excelant (=3.11-beta1) +2 more potentially affected by CVE-2014-3574 via org.apache.poi:poi (=3.11-beta1)
org.apache.poi:poi MAVEN version =3.11-beta1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.poi:poi and may be impacted: - org.apache.poi:poi-examples =3.11-beta1 - org.apache.poi:poi-excelant =3.11-beta1 - org.apache.poi:poi-ooxml...
Denial Of Service (DoS) Via XML External Expansion (XEE)
poi-ooxml is vulnerable to denial of service DoS attacks. The vulnerability exists via an XML Entity Expansion XEE attack when parsing a malicious OOXML file...