ID CVE-2019-12415
Summary In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:poi:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:0.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:0.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.7:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.7:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.8:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.8:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:1.10:dev:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:1.10:dev:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:pre2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:pre3:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:pre3:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0.2:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0.2:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.0.2:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.0.2:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.1:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.1:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.1:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.1:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta4:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta5:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta5:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.5:beta6:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.5:beta6:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.7:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.7:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.7:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.7:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.7:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.7:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:beta3:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:beta3:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:beta4:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:beta4:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.8:beta5:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.8:beta5:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.10:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.10:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.10:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.10:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.11:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.11:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:3.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:poi:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::8.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 08-04-2022 - 13:30)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc
mlist
  • [lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1
  • [tika-user] 20191105 Is tika-parsers exposed to CVE-2019-12415
  • [tika-user] 20191105 Re: Is tika-parsers exposed to CVE-2019-12415
  • [tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415
Last major update 08-04-2022 - 13:30
Published 23-10-2019 - 20:15
Last modified 08-04-2022 - 13:30
Back to Top