CVE-2016-5000

EUVD-2022-4799
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
apachepoi
𝑥
≤ 3.13
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libapache-poi-java
bookworm
unimportant
bullseye
unimportant
sid
unimportant
trixie
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libapache-poi-java
artful
ignored
bionic
needs-triage
cosmic
ignored
disco
ignored
eoan
ignored
focal
needs-triage
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
not-affected
mantic
not-affected
noble
not-affected
precise
ignored
trusty
dne
wily
ignored
xenial
needs-triage
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.securityfocus.com/archive/1/538981/100/0/threaded
http://www.securityfocus.com/bid/92100
http://www.securitytracker.com/id/1037741
https://lists.apache.org/list.html?user%40poi.apache.org
https://www.oracle.com/security-alerts/cpuoct2020.html
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.securityfocus.com/archive/1/538981/100/0/threaded
http://www.securityfocus.com/bid/92100
http://www.securitytracker.com/id/1037741
https://lists.apache.org/list.html?user%40poi.apache.org
https://www.oracle.com/security-alerts/cpuoct2020.html