XML External Entity Vulnerability in Apache POI
CVE-2014-3529
Currently unrated
Summary
The OPC SAX setup in Apache POI versions prior to 3.10.1 is susceptible to an XML External Entity (XXE) vulnerability. A remote attacker can supply a crafted OpenXML file that contains an XML external entity declaration combined with an entity reference, and thereby read arbitrary files on the server. The result is information disclosure, so users should update to the latest version to protect the security and integrity of their applications.
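A pre-parse check for uploaded OpenXML files, as an added example that is not Apache POI code or part of the original advisory: it flags any XML part of the package that carries a DOCTYPE or ENTITY declaration before the file reaches a parser. The function names, the size ceiling and the sample package are assumptions constructed for illustration, and the check complements updating POI rather than replacing it.

```python
import io
import re
import zipfile

# OPC parts that are parsed as XML: content types, relationships, *.xml, VML.
XML_PART = re.compile(r"\.(xml|rels|vml)$", re.IGNORECASE)
# Legitimate OOXML parts do not need a DTD, so any declaration fails closed.
DTD_MARKER = re.compile(r"<!(DOCTYPE|ENTITY)\b")
MAX_PART_BYTES = 50 * 1024 * 1024  # assumed ceiling per part, not a POI setting

def decode_part(raw: bytes) -> str:
    # Parts may be UTF-16; a UTF-8 byte search for "<!DOCTYPE" would miss them.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[:2] == b"<\x00":
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")

def scan_ooxml(data: bytes) -> list:
    """Return [(part_name, reason)] for parts that should block the file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if not XML_PART.search(info.filename):
                continue
            if info.file_size > MAX_PART_BYTES:
                findings.append((info.filename, "part too large to inspect"))
                continue
            match = DTD_MARKER.search(decode_part(pkg.read(info)))
            if match:
                findings.append((info.filename, match.group(1) + " declaration"))
    return findings

def build_sample(with_dtd: bool, encoding: str = "utf-8") -> bytes:
    """Constructed in-memory package; the entity target is a placeholder."""
    dtd = '<!DOCTYPE Types [<!ENTITY x SYSTEM "file:///PLACEHOLDER">]>' if with_dtd else ""
    ref = "&x;" if with_dtd else ""
    ns = "http://schemas.openxmlformats.org/package/2006/content-types"
    ct = f'<?xml version="1.0"?>{dtd}<Types xmlns="{ns}">{ref}</Types>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", ct.encode(encoding))
        pkg.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()
```

A non-empty result from `scan_ooxml` means the file should be rejected or quarantined; the match is textual, so a DOCTYPE string inside a comment or CDATA section is also flagged.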
References
Timeline
Vulnerability published
Vulnerability Reserved