VDB

RHSA-2014%3A1400

RHSA-2014%3A1400 PUBLISHED CVSS 5 MEDIUM

It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity (XXE) attacks.

Risk Scores

CVSS 2.0
5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss BRMS 6.0

Timeline

  • Oct 13, 2014 CVE Published
  • Jan 28, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›