cpe:/a:apache:poi:3.13 CVE-2016-5000 2016-08-05T10:59:10.143-04:00 2018-10-09T16:00:28.773-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov 2016-08-05T13:52:30.470-04:00 SECTRACK 1037741 BUGTRAQ 20160722 [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example BID 92100 MLIST [users] 20160722 [CVE-2016-5000] XML External Entity (XXE) Vulnerability in Apache POI's XLSX2CSV Example CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21996759 The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.