CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.002 Low
Percentile: 52.3%

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to
read arbitrary files via an OpenXML file containing an XML external entity
declaration in conjunction with an entity reference, related to an XML
External Entity (XXE) issue.
poi.apache.org/changes.html
secunia.com/advisories/60419
www.apache.org/dist/poi/release/RELEASE-NOTES.txt
issues.apache.org/bugzilla/show_bug.cgi?id=56164
launchpad.net/bugs/cve/CVE-2014-3529
lucene.apache.org/solr/solrnews.html#18-august-2014-recommendation-to-update-apache-poi-in-apache-solr-480-481-and-490-installations
nvd.nist.gov/vuln/detail/CVE-2014-3529
security-tracker.debian.org/tracker/CVE-2014-3529
www.cve.org/CVERecord?id=CVE-2014-3529