Vulnerabilities > CVE-2019-12415 - XXE vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

apache

oracle

CWE-611

nessus

NVD

Published: 2019-10-23

Updated: 2023-11-07

Summary

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache POI 0.1 Apache POI 0.2 Apache POI 0.3 Apache POI 0.4 Apache POI 0.5 Apache POI 0.6 Apache POI 0.7 Apache POI 0.10.0 Apache POI 0.11.0 Apache POI 0.12.0 Apache POI 0.13.0 Apache POI 0.14.0 Apache POI 1.0.0 Apache POI 1.0.1 Apache POI 1.0.2 Apache POI 1.1.0 Apache POI 1.2.0 Apache POI 1.5 Apache POI 1.5.1 Apache POI 1.7 Apache POI 1.8 Apache POI 1.10 Apache POI 2.0 Apache POI 2.5 Apache POI 2.5.1 Apache POI 3.0 Apache POI 3.0.1 Apache POI 3.0.2 Apache POI 3.1 Apache POI 3.2 Apache POI 3.5 Apache POI 3.6 Apache POI 3.7 Apache POI 3.8 Apache POI 3.9 Apache POI 3.10 Apache POI 3.11 Apache POI 3.13 Apache POI 3.14 Apache POI 3.17 Apache POI 4.1.0	69
Application	Oracle Oracle Flexcube Private Banking 12.1.0 Oracle Flexcube Private Banking 12.0.0 Oracle Primavera Unifier 16.2 Oracle Primavera Unifier 16.1 Oracle Primavera Unifier 18.8 Oracle Primavera Unifier 17.7 Oracle Primavera Unifier 17.8 Oracle Primavera Unifier 17.9 Oracle Primavera Unifier 17.10 Oracle Primavera Unifier 17.11 Oracle Primavera Unifier 17.12 Oracle Primavera Unifier 19.12 Oracle Banking Platform 2.4.0 Oracle Banking Platform 2.4.1 Oracle Banking Platform 2.5.0 Oracle Banking Platform 2.6.0 Oracle Banking Platform 2.6.1 Oracle Banking Platform 2.6.2 Oracle Banking Platform 2.7.0 Oracle Banking Platform 2.7.1 Oracle Banking Platform 2.9.0 Oracle Enterprise Manager Base Platform 12.1.0.5 Oracle Enterprise Manager Base Platform 13.3.0.0 Oracle Enterprise Manager Base Platform 13.4.0.0 Oracle Enterprise Repository 12.1.3.0.0 Oracle Insurance Rules Palette 10.2.0 Oracle Insurance Rules Palette 10.2.4 Oracle Insurance Rules Palette 11.0.2 Oracle Insurance Rules Palette 11.1.0 Oracle Insurance Rules Palette 11.2.0 Oracle Application Testing Suite 12.5.0.3 Oracle Application Testing Suite 13.1.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.3.0.1 Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 12.2.1.4.0 Oracle Banking Payments 14.0.0 Oracle Banking Payments 14.1.0 Oracle Webcenter Sites 12.2.1.3.0 Oracle Webcenter Sites 12.2.1.4.0 Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Peoplesoft Enterprise Peopletools 8.59 Oracle Retail Order Broker 15.0 Oracle Retail Order Broker 16.0 Oracle Retail Predictive Application Server 15.0.3 Oracle Retail Predictive Application Server 16.0.3 Oracle Financial Services Market Risk Measurement AND Management 8.0.6 Oracle Financial Services Market Risk Measurement AND Management 8.0.8 Oracle Endeca Information Discovery Studio 3.2.0 Oracle Instantis Enterprisetrack 17.1 Oracle Instantis Enterprisetrack 17.2 Oracle Instantis Enterprisetrack 17.3 Oracle Hyperion Infrastructure Technology 11.1.2.4 Oracle Jdeveloper 12.2.1.4.0 Oracle Primavera Gateway 17.12.6 Oracle Primavera Gateway 18.8.8.1 Oracle BIG Data Discovery 1.6 Oracle Insurance Policy Administration J2Ee 11.0.2 Oracle Insurance Policy Administration J2Ee 11.1.0 Oracle Insurance Policy Administration J2Ee 11.2.0 Oracle Banking Enterprise Originations 2.8.0 Oracle Banking Enterprise Originations 2.7.0 Oracle Banking Enterprise Product Manufacturing 2.7.0 Oracle Banking Enterprise Product Manufacturing 2.8.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.0.1 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.3.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.6.4.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.1.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.7.2.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.8 Oracle Financial Services Analytical Applications Infrastructure 8.0.8.0.0 Oracle Financial Services Analytical Applications Infrastructure 8.0.9 Oracle Communications Diameter Signaling Router Idih Oracle Retail Clearance Optimization Engine 14.0	82

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Nessus

NASL family	Misc.
NASL id	ORACLE_OATS_CPU_JAN_2020.NASL
description	The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities : - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder (Jython)). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in takeover of Oracle Application Testing Suite. (CVE-2016-4000) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Jython). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite. (CVE-2016-4000) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Apache POI). An unauthenticated, remote attacker with network access via HTTP to compromise Oracle Application Testing Suite and cause the process to hang or frequently repeatable crash (complete DOS). (CVE-2017-12626) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (AntiSamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (Antisamy). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2017-14735) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Application Development Framework). An unauthenticated, remote attacker with network access via HTTP can result in takeover of Oracle Application Testing Suite. (CVE-2019-2904) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder (jQuery). An unauthenticated, remote attacker with network access via HTTP who is able to obtain human interaction can impact additional products and result in an unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data. (CVE-2019-11358) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Load Testing for Web Apps (Apache POI). An authenticated, low priviledged remote attacker with network access to the infrastructure can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2019-12415) - An unspecified vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager subcomponent Oracle Flow Builder. An unauthenticated remote attacker with network access via HTTP can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. (CVE-2020-2673)
last seen	2020-05-08
modified	2020-01-27
plugin id	133260
published	2020-01-27
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133260
title	Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)

NASL family	CGI abuses
NASL id	ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2020.NASL
description	According to its self-reported version number, the Oracle Primavera Unifier installation running on the remote web server is 16.1.x or 16.2.x prior to 16.2.16.0, or 17.7.x through 17.12.x prior to 17.12.11.2, or 18.8.x prior to 18.8.15, or 19.12.x prior to 19.12.0.1. It is, therefore, affected by multiple vulnerabilities: - A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10 used in Primavera Unifier. (CVE-2019-14540) - A memory exhaustion flaw exists in Apache Tika
last seen	2020-05-08
modified	2020-01-30
plugin id	133359
published	2020-01-30
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133359
title	Oracle Primavera Unifier Multiple Vulnerabilities (Jan 2020 CPU)

NASL family	CGI abuses
NASL id	ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2020.NASL
description	According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is 15.x prior to 15.2.18, 16.x prior to 16.2.11, 17.x prior to 17.12.6, or 18.x prior to 18.8.8.1. It is, therefore, affected by multiple vulnerabilities, including the following: - Two Polymorphic Typing issues present in FasterXML jackson-databind related to com.zaxxer.hikari.HikariDataSource which can be exploited by remote, unauthenticated attackers. (CVE-2019-16335, CVE-2019-14540) - A man-in-the-middle vulnerability caused by the getCN function in Apache Axis not properly verifying that the server hostname matches a domain name in the subject
last seen	2020-05-08
modified	2020-01-15
plugin id	132936
published	2020-01-15
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/132936
title	Oracle Primavera Gateway Multiple Vulnerabilities (Jan 2020 CPU)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References