Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when the XLSX2CSV example uses Java's XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external entity reference to read arbitrary files on the system.
CVEID: CVE-2016-5000
DESCRIPTION: Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when the XLSX2CSV example uses Java's XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external entity reference to read arbitrary files on the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115530 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
IBM eDiscovery Manager Version 2.2.2
| Product | VRM | Remediation |
|---|---|---|
| IBM eDiscovery Manager | 2.2.2 | Use IBM eDiscovery Manager 2.2.2.2 Interim Fix IF0003 available at https://www-945.ibm.com/support/fixcentral/ |
NA
CPE

| Name | Operator | Version |
|---|---|---|
| ediscovery manager | eq | 2.2.2 |