apache poi CVE-2019-12415 in Apache and Oracle Products
Published on October 23, 2019

product logo product logo
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

NVD


Products Associated with CVE-2019-12415

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12415 are published in these products:

Apache Poi
 
Oracle Application Testing Suite
 
Oracle Banking Enterprise Originations
 
Oracle Banking Enterprise Product Manufacturing
 
Oracle Banking Payments
 
Oracle Banking Platform
 
Oracle Big Data Discovery
 
Oracle Communications Diameter Signaling Router Idih
 
Oracle Endeca Information Discovery Studio
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Repository
 
Oracle Financial Services Analytical Applications Infrastructure
 
Oracle Financial Services Market Risk Measurement Management
 
Oracle Flexcube Private Banking
 
Oracle Hyperion Infrastructure Technology
 
Oracle Instantis Enterprisetrack
 
Oracle Insurance Policy Administration J2ee
 
Oracle Insurance Rules Palette
 
Oracle Jdeveloper
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Primavera Gateway
 
Oracle Primavera Unifier
 
Oracle Retail Clearance Optimization Engine
 
Oracle Retail Order Broker
 
Oracle Retail Predictive Application Server
 
Oracle Webcenter Portal
 
Oracle Webcenter Sites
 
Oracle
 

Exploit Probability

EPSS
0.02%
Percentile
5.78%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.