DNA View

CVE-2019-12415

CVSS Score: 5.5 (Medium)
Published: Oct 23, 2019
Last Modified: Nov 21, 2024

Vulnerability Description

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Local (L)
Attack Complexity: Low (L)
Privileges Required: Low (L)
User Interaction: None (N)
Scope: Unchanged (U)
Confidentiality: High (H)
Integrity: None (N)
Availability: None (N)

Known Affected Software

125 configuration(s) from 2 vendor(s)

This vulnerability affects 125 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

Vendor: Oracle
Patch: CPUJAN2025 (Oracle Critical Patch Update Advisory - January 2025)
Severity: Critical
Released: Jan 21, 2025
Type: Security Update (restart required)

References & Resources

Severity Details

5.5 out of 10.0 (Medium)

Weakness Type (CWE)

CWE-611: Improper Restriction of XML External Entity Reference

Description: The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Typical Severity: Medium
Abstraction Level: Base

Key Information

Published Date: October 23, 2019