VDB
RHSA-2014%3A1400
RHSA-2014%3A1400
PUBLISHED
CVSS 5 MEDIUM
It was found that Apache POI would resolve entities in OOXML documents. A remote attacker able to supply OOXML documents that are parsed by Apache POI could use this flaw to read files accessible to the user running the application server, and potentially perform more advanced XML External Entity (XXE) attacks.
Risk Scores
CVSS 2.0
5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss BRMS 6.0 |
Timeline
- Oct 13, 2014 CVE Published
- Jan 28, 2026 CVE Updated
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2014:1400 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms&downloadType=distributions&version=6.0.3 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1138135 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1138140 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2014/rhsa-2014_1400.json advisory
- https://access.redhat.com/security/cve/CVE-2014-3529 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-3529 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-3529 advisory
- https://access.redhat.com/security/cve/CVE-2014-3574 advisory
- https://www.cve.org/CVERecord?id=CVE-2014-3574 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2014-3574 advisory