CVE-2019-12415

{"id": "CVE-2019-12415", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2019-10-23T20:15:12.707", "references": [{"url": "https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E", "source": "security@apache.org"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2020.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["Third Party Advisory"], "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."}, {"lang": "es", "value": "En Apache POI versiones hasta 4.1.0, cuando se utiliza la herramienta XSSFExportToXml para convertir documentos de Microsoft Excel proporcionados por el usuario, un documento especialmente dise\u00f1ado puede permitir a un atacante leer archivos del sistema de archivos local o de los recursos de la red interna por medio de un Procesamiento de Entidad Externa XML (XXE)."}], "lastModified": "2023-11-07T03:03:34.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D82A205-F4BE-4C18-A764-A2364B50BAD9", "versionEndIncluding": "4.1.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B"}, {"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AB8ABFD-C72C-4CBB-8872-9440A19154D6"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3054FEBB-484B-4927-9D1C-2024772E8B3D"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9"}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3"}, {"criteria": "cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BE6EB99-98BF-49A2-8890-829320607A1B"}, {"criteria": "cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD48BA85-B6D3-4BFD-9B48-755494FF094E"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"}, {"criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4"}, {"criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E"}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2FDA4C6-68BA-4090-9645-A1A3C526F86C"}, {"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00F3F284-E638-495D-89D0-AEB0CCA969CB"}, {"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36E39918-B2D6-43F0-A607-8FD8BFF6F340"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"}, {"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999"}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F940AA-05BE-426C-89A3-4098E107D9A7", "versionEndIncluding": "8.0.9", "versionStartIncluding": "8.0.6"}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7"}, {"criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993"}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC"}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1"}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97"}, {"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA"}, {"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"}, {"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F5647E5-B051-41A6-B186-3584C725908B"}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A405B01-7DC5-41A0-9B61-C2DBE1C71A67"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"}, {"criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8109973-AE49-4E2C-B3A0-DDB18674C1FA"}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780"}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728"}, {"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103"}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A"}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}