Attacker Value
Unknown
CVE-2019-12415
CVE-2019-12415
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None
General Information
Products
- application testing suite 12.5.0.3
- application testing suite 13.1.0.1
- application testing suite 13.2.0.1
- application testing suite 13.3.0.1
- banking enterprise originations 2.7.0
- banking enterprise originations 2.8.0
- banking enterprise product manufacturing 2.7.0
- banking enterprise product manufacturing 2.8.0
- banking payments 14.0.0
- banking payments 14.1.0
- banking platform 2.4.0
- banking platform 2.4.1
- banking platform 2.5.0
- banking platform 2.6.0
- banking platform 2.6.1
- banking platform 2.6.2
- banking platform 2.7.0
- banking platform 2.7.1
- banking platform 2.9.0
- big data discovery 1.6
- communications diameter signaling router idih: 8.0.0
- communications diameter signaling router idih: 8.2.2
- endeca information discovery studio 3.2.0
- enterprise manager base platform 12.1.0.5
- enterprise manager base platform 13.3.0.0
- enterprise manager base platform 13.4.0.0
- enterprise repository 12.1.3.0.0
- financial services analytical applications infrastructure
- financial services market risk measurement and management 8.0.6
- financial services market risk measurement and management 8.0.8
- flexcube private banking 12.0.0
- flexcube private banking 12.1.0
- hyperion infrastructure technology 11.1.2.4
- instantis enterprisetrack 17.1
- instantis enterprisetrack 17.2
- instantis enterprisetrack 17.3
- insurance policy administration j2ee 11.0.2
- insurance policy administration j2ee 11.1.0
- insurance policy administration j2ee 11.2.0
- insurance rules palette 10.2.0
- insurance rules palette 10.2.4
- insurance rules palette 11.0.2
- insurance rules palette 11.1.0
- insurance rules palette 11.2.0
- jdeveloper 12.2.1.4.0
- peoplesoft enterprise peopletools 8.57
- peoplesoft enterprise peopletools 8.58
- peoplesoft enterprise peopletools 8.59
- poi
- primavera gateway 17.12.6
- primavera gateway 18.8.8.1
- primavera unifier
- primavera unifier 16.1
- primavera unifier 16.2
- primavera unifier 18.8
- primavera unifier 19.12
- retail clearance optimization engine 14.0
- retail order broker 15.0
- retail order broker 16.0
- retail predictive application server 15.0.3
- retail predictive application server 16.0.3
- webcenter portal 12.2.1.3.0
- webcenter portal 12.2.1.4.0
- webcenter sites 12.2.1.3.0
- webcenter sites 12.2.1.4.0
References
Advisory
Miscellaneous
