CVE-2014-3529

Apache POI < 3.10.1 - XML External Entity Injection via OpenXML File Processing


Description

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References (14)

Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
Various Sources x_refsource_confirm
http://poi.apache.org/changes.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/78018
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61766
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95770
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60419
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69647
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59943
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1370.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1400.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1398.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1399.html

Scores

EPSS 0.0523
EPSS Percentile 90.1%

Details

Status published
Products (32)
apache/poi 0.1
apache/poi 0.2
apache/poi 0.3
apache/poi 0.4
apache/poi 0.5
apache/poi 0.6
apache/poi 0.7
apache/poi 0.10.0
apache/poi 0.11.0
apache/poi 0.12.0
... and 22 more
Published Sep 04, 2014
Tracked Since Feb 18, 2026