CVE-2019-12415 in Oracle Financial Services Revenue Management and Billinginfo

Summary

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservation

05/28/2019

Entries

VulDB provides additional information and datapoints for this CVE:

Sources

• MITRE
• NVD
• CVE Details