{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-24T13:04:22.191","vulnerabilities":[{"cve":{"id":"CVE-2019-12415","sourceIdentifier":"security@apache.org","published":"2019-10-23T20:15:12.707","lastModified":"2026-06-17T02:14:36.483","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing."},{"lang":"es","value":"En Apache POI versiones hasta 4.1.0, cuando se utiliza la herramienta XSSFExportToXml para convertir documentos de Microsoft Excel proporcionados por el usuario, un documento especialmente diseñado puede permitir a un atacante leer archivos del sistema de archivos local o de los recursos de la red interna por medio de un Procesamiento de Entidad Externa XML (XXE)."}],"affected":[{"source":"security@apache.org","affectedData":[{"vendor":"n/a","product":"Apache POI","versions":[{"version":"Apache POI up to 4.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*","versionEndIncluding":"4.1.0","matchCriteriaId":"1D82A205-F4BE-4C18-A764-A2364B50BAD9"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*","matchCriteriaId":"17EA8B91-7634-4636-B647-1049BA7CA088"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*","matchCriteriaId":"5B4DF46F-DBCC-41F2-A260-F83A14838F23"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*","matchCriteriaId":"10F17843-32EA-4C31-B65C-F424447BEF7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*","matchCriteriaId":"A125E817-F974-4509-872C-B71933F42AD1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"7AB8ABFD-C72C-4CBB-8872-9440A19154D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3054FEBB-484B-4927-9D1C-2024772E8B3D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"5AED3C78-7D65-4F02-820D-B51BCE4022F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*","matchCriteriaId":"557A23A1-4762-4D29-A478-D1670C1847D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_payments:14.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7BE6EB99-98BF-49A2-8890-829320607A1B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_payments:14.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FD48BA85-B6D3-4BFD-9B48-755494FF094E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"C2BEE49E-A5AA-42D3-B422-460454505480"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*","matchCriteriaId":"F4FF66F7-10C8-4A1C-910A-EF7D12A4284C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*","matchCriteriaId":"35AD0C07-9688-4397-8D45-FBB88C0F0C11"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*","matchCriteriaId":"8972497F-6E24-45A9-9A18-EB0E842CB1D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*","matchCriteriaId":"400509A8-D6F2-432C-A2F1-AD5B8778D0D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","matchCriteriaId":"132CE62A-FBFC-4001-81EC-35D81F73AF48"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"282150FF-C945-4A3E-8A80-E8757A8907EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*","matchCriteriaId":"645AA3D1-C8B5-4CD2-8ACE-31541FA267F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*","matchCriteriaId":"AB9FC9AB-1070-420F-870E-A5EC43A924A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*","matchCriteriaId":"8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B2FDA4C6-68BA-4090-9645-A1A3C526F86C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::8.2.2:*:*:*:*:*:*:*","matchCriteriaId":"00F3F284-E638-495D-89D0-AEB0CCA969CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"9D03A8C9-35A5-4B75-9711-7A4A60457307"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5:*:*:*:*:*:*:*","matchCriteriaId":"36E39918-B2D6-43F0-A607-8FD8BFF6F340"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7582B307-3899-4BBB-B868-BC912A4D0109"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*","matchCriteriaId":"F9E13DD9-F456-4802-84AD-A2A1F12FE999"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.6","versionEndIncluding":"8.0.9","matchCriteriaId":"40F940AA-05BE-426C-89A3-4098E107D9A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*","matchCriteriaId":"EF6D5112-4055-4F89-A5B3-0DCB109481B7"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*","matchCriteriaId":"D262848E-AA24-4057-A747-6221BA22ADF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"6762F207-93C7-4363-B2F9-7A7C6F8AF993"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"1B74B912-152D-4F38-9FC1-741D6D0B27FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*","matchCriteriaId":"DED59B62-C9BF-4C0E-B351-3884E8441655"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*","matchCriteriaId":"82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*","matchCriteriaId":"B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*","matchCriteriaId":"7F69B9A5-F21B-4904-9F27-95C0F7A628E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*","matchCriteriaId":"9A570E5E-A3BC-4E19-BC44-C28D8BC9A537"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*","matchCriteriaId":"D56B4193-4DB7-4BD9-85FF-8665601E6D4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*","matchCriteriaId":"AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*","matchCriteriaId":"9A94F93C-5828-4D78-9C48-20AC17E72B8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*","matchCriteriaId":"F3E25293-CB03-44CE-A8ED-04B3A0487A6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*","matchCriteriaId":"4F9721E3-EE25-4C8A-9E0A-E60D465E0A97"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*","matchCriteriaId":"E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","matchCriteriaId":"7E1E416B-920B-49A0-9523-382898C2979D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_gateway:17.12.6:*:*:*:*:*:*:*","matchCriteriaId":"2F5647E5-B051-41A6-B186-3584C725908B"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_gateway:18.8.8.1:*:*:*:*:*:*:*","matchCriteriaId":"4A405B01-7DC5-41A0-9B61-C2DBE1C71A67"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*","versionStartIncluding":"17.7","versionEndIncluding":"17.12","matchCriteriaId":"08FA59A8-6A62-4B33-8952-D6E658F8DAC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*","matchCriteriaId":"D55A54FD-7DD1-49CD-BE81-0BE73990943C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*","matchCriteriaId":"82EB08C0-2D46-4635-88DF-E54F6452D3A3"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*","matchCriteriaId":"202AD518-2E9B-4062-B063-9858AE1F9CE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*","matchCriteriaId":"10864586-270E-4ACF-BDCC-ECFCD299305F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0:*:*:*:*:*:*:*","matchCriteriaId":"C8109973-AE49-4E2C-B3A0-DDB18674C1FA"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*","matchCriteriaId":"EE8CF045-09BB-4069-BCEC-496D5AE3B780"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*","matchCriteriaId":"38E74E68-7F19-4EF3-AC00-3C249EAAA39E"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*","matchCriteriaId":"24A3C819-5151-4543-A5C6-998C9387C8A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*","matchCriteriaId":"4FB98961-8C99-4490-A6B8-9A5158784F5A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D6A4F71A-4269-40FC-8F61-1D1301F2B728"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"5A502118-5B2B-47AE-82EC-1999BD841103"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*","matchCriteriaId":"D551CAB1-4312-44AA-BDA8-A030817E153A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"174A6D2E-E42E-4C92-A194-C6A820CD7EF4"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E","source":"security@apache.org"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"security@apache.org","tags":["Third Party Advisory"]},{"url":"https://lists.apache.org/thread.html/13a54b6a03369cfb418a699180ffb83bd727320b6ddfec198b9b728e%40%3Cannounce.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/2ac0327748de0c2b3c1c012481b79936797c711724e0b7da83cf564c%40%3Cuser.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/895164e03a3c327449069e2fd6ced0367561878b3ae6a8ec740c2007%40%3Cuser.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c%40%3Cuser.tika.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}