Open Source Apache Poi Vulnerability
CVEID: CVE-2017-5644**
DESCRIPTION:** Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123699> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
ยท IBM QRadar SIEM 7.2 - 7.2.8 Patch 9
ยท IBM QRadar SIEM 7.3 - 7.3.0 Patch 7
ยท IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 10
ยท IBM QRadar/QRM/QVM/QRIF/QNI 7.3.1 GA
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.2 | |
ibm security qradar siem | eq | 7.3 |