Apache POI CVE-2016-5000 XML External Entity Injection Vulnerability

Bugtraq ID: 92100
Class: Design Error
CVE: CVE-2016-5000
Remote: Yes
Local: No
Published: Jul 22 2016 12:00AM
Updated: Jan 23 2017 03:10AM
Credit: Mauro Gentile of Minded Security
Vulnerable: Oracle Retail Order Broker 5.2
Oracle Retail Order Broker 5.1
Oracle Retail Order Broker 4.1
Oracle Retail Order Broker 16.0
Oracle Retail Order Broker 15.0
IBM WebSphere Dashboard Framework 7.0.1
IBM Web Experience Factory 8.0 3
IBM Web Experience Factory 8.0 1
IBM Web Experience Factory 8.5.0.1
IBM Web Experience Factory 8.5.0.0
IBM Web Experience Factory 8.5
IBM Web Experience Factory 8.0.0.2
IBM Web Experience Factory 8.0
IBM Tivoli Service Request Manager -
IBM Tivoli Integration Composer 0
IBM Tivoli Change And Configuration Management Database 0
IBM Tivoli Asset Management for IT 0
IBM SmartCloud Control Desk 0
IBM QRadar 7.2
IBM QRadar 7.1
IBM PredictiveInsight 9.0
IBM PredictiveInsight 8.6
IBM Maximo for Utilities 0
IBM Maximo for Transportation 0
IBM Maximo for Oil and Gas 0
IBM Maximo for Nuclear Power 0
IBM Maximo for Life Sciences 0
IBM Maximo for Government 0
IBM Maximo for Energy Optimization 0
IBM Maximo for Aviation 0
IBM Maximo Asset Management 7.5 6
IBM Maximo Asset Management 7.5 .0
IBM Maximo Asset Management 7.1.1
IBM Maximo Asset Management 7.6
IBM Maximo Asset Management 7.5.0.5
IBM Maximo Asset Management 7.5.0.4
IBM Maximo Asset Management 7.5.0.3
IBM Maximo Asset Management 7.5.0.2
IBM Maximo Asset Management 7.5.0.10
IBM Maximo Asset Management 7.5.0.1
IBM Maximo Asset Management 7.1
Apache POI 3.5
Apache POI 3.13
Not Vulnerable: Apache POI 3.14


 

Privacy Statement
Copyright 2010, SecurityFocus