CVE-2014-3529

CVSS v2.0 4.3 (Medium)

EPSS 0.16 % (53^th)

Affected Products 1

Advisories 5

The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-09-04 17:55:05
(10 years ago)
Updated Date: 2017-08-29 01:34:47
(7 years ago)

Affected Products

Apache

Configuration #1

	CPE23	Up To
Apache Poi 3.10 and prior versions	cpe:2.3:a:apache:poi	<= 3.10
Apache Poi 0.1	cpe:2.3:a:apache:poi:0.1
Apache Poi 0.2	cpe:2.3:a:apache:poi:0.2
Apache Poi 0.3	cpe:2.3:a:apache:poi:0.3
Apache Poi 0.4	cpe:2.3:a:apache:poi:0.4
Apache Poi 0.5	cpe:2.3:a:apache:poi:0.5
Apache Poi 0.6	cpe:2.3:a:apache:poi:0.6
Apache Poi 0.7	cpe:2.3:a:apache:poi:0.7
Apache Poi 0.10.0	cpe:2.3:a:apache:poi:0.10.0
Apache Poi 0.11.0	cpe:2.3:a:apache:poi:0.11.0
Apache Poi 0.12.0	cpe:2.3:a:apache:poi:0.12.0
Apache Poi 0.13.0	cpe:2.3:a:apache:poi:0.13.0
Apache Poi 0.14.0	cpe:2.3:a:apache:poi:0.14.0
Apache Poi 1.0.0	cpe:2.3:a:apache:poi:1.0.0
Apache Poi 1.0.1	cpe:2.3:a:apache:poi:1.0.1
Apache Poi 1.0.2	cpe:2.3:a:apache:poi:1.0.2
Apache Poi 1.1.0	cpe:2.3:a:apache:poi:1.1.0
Apache Poi 1.2.0	cpe:2.3:a:apache:poi:1.2.0
Apache Poi 1.5	cpe:2.3:a:apache:poi:1.5
Apache Poi 1.5.1	cpe:2.3:a:apache:poi:1.5.1
Apache Poi 1.7 Dev	cpe:2.3:a:apache:poi:1.7:dev
Apache Poi 1.8 Dev	cpe:2.3:a:apache:poi:1.8:dev
Apache Poi 1.10 Dev	cpe:2.3:a:apache:poi:1.10:dev
Apache Poi 2.0	cpe:2.3:a:apache:poi:2.0
Apache Poi 2.0 Pre1	cpe:2.3:a:apache:poi:2.0:pre1
Apache Poi 2.0 Pre2	cpe:2.3:a:apache:poi:2.0:pre2
Apache Poi 2.0 Pre3	cpe:2.3:a:apache:poi:2.0:pre3
Apache Poi 2.0 Rc1	cpe:2.3:a:apache:poi:2.0:rc1
Apache Poi 2.0 Rc2	cpe:2.3:a:apache:poi:2.0:rc2
Apache Poi 2.5	cpe:2.3:a:apache:poi:2.5
Apache Poi 2.5.1	cpe:2.3:a:apache:poi:2.5.1
Apache Poi 3.0	cpe:2.3:a:apache:poi:3.0
Apache Poi 3.0 Alpha1	cpe:2.3:a:apache:poi:3.0:alpha1
Apache Poi 3.0 Alpha2	cpe:2.3:a:apache:poi:3.0:alpha2
Apache Poi 3.0 Alpha3	cpe:2.3:a:apache:poi:3.0:alpha3
Apache Poi 3.0.1	cpe:2.3:a:apache:poi:3.0.1
Apache Poi 3.0.2	cpe:2.3:a:apache:poi:3.0.2
Apache Poi 3.0.2 Beta1	cpe:2.3:a:apache:poi:3.0.2:beta1
Apache Poi 3.0.2 Beta2	cpe:2.3:a:apache:poi:3.0.2:beta2
Apache Poi 3.1	cpe:2.3:a:apache:poi:3.1
Apache Poi 3.1 Beta1	cpe:2.3:a:apache:poi:3.1:beta1
Apache Poi 3.1 Beta2	cpe:2.3:a:apache:poi:3.1:beta2
Apache Poi 3.2	cpe:2.3:a:apache:poi:3.2
Apache Poi 3.5	cpe:2.3:a:apache:poi:3.5
Apache Poi 3.5 Beta1	cpe:2.3:a:apache:poi:3.5:beta1
Apache Poi 3.5 Beta2	cpe:2.3:a:apache:poi:3.5:beta2
Apache Poi 3.5 Beta3	cpe:2.3:a:apache:poi:3.5:beta3
Apache Poi 3.5 Beta4	cpe:2.3:a:apache:poi:3.5:beta4
Apache Poi 3.5 Beta5	cpe:2.3:a:apache:poi:3.5:beta5
Apache Poi 3.5 Beta6	cpe:2.3:a:apache:poi:3.5:beta6
Apache Poi 3.6	cpe:2.3:a:apache:poi:3.6
Apache Poi 3.7	cpe:2.3:a:apache:poi:3.7
Apache Poi 3.7 Beta1	cpe:2.3:a:apache:poi:3.7:beta1
Apache Poi 3.7 Beta2	cpe:2.3:a:apache:poi:3.7:beta2
Apache Poi 3.7 Beta3	cpe:2.3:a:apache:poi:3.7:beta3
Apache Poi 3.8	cpe:2.3:a:apache:poi:3.8
Apache Poi 3.8 Beta1	cpe:2.3:a:apache:poi:3.8:beta1
Apache Poi 3.8 Beta2	cpe:2.3:a:apache:poi:3.8:beta2
Apache Poi 3.8 Beta3	cpe:2.3:a:apache:poi:3.8:beta3
Apache Poi 3.8 Beta4	cpe:2.3:a:apache:poi:3.8:beta4
Apache Poi 3.8 Beta5	cpe:2.3:a:apache:poi:3.8:beta5
Apache Poi 3.9	cpe:2.3:a:apache:poi:3.9
Apache Poi 3.10 Beta1	cpe:2.3:a:apache:poi:3.10:beta1
Apache Poi 3.10 Beta2	cpe:2.3:a:apache:poi:3.10:beta2