CVE-2016-5000

The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
apachepoi
𝑥
≤ 3.13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache-poi-java
bullseye
unimportant
bookworm
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache-poi-java
noble
not-affected
mantic
not-affected
lunar
not-affected
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needs-triage
artful
ignored
zesty
ignored
yakkety
ignored
xenial
needs-triage
wily
ignored
trusty
dne
precise
ignored
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.securityfocus.com/archive/1/538981/100/0/threaded
http://www.securityfocus.com/bid/92100
http://www.securitytracker.com/id/1037741
https://lists.apache.org/list.html?user%40poi.apache.org
https://www.oracle.com/security-alerts/cpuoct2020.html
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.securityfocus.com/archive/1/538981/100/0/threaded
http://www.securityfocus.com/bid/92100
http://www.securitytracker.com/id/1037741
https://lists.apache.org/list.html?user%40poi.apache.org
https://www.oracle.com/security-alerts/cpuoct2020.html