Name of the Vulnerable Software and Affected Versions Apache POI (affected versions not specified)

Description A security exception occurs in the javax.crypto.spec.SecretKeySpec constructor, which is called by org.apache.poi.poifs.crypt.binaryrc4.BinaryRC4Decryptor.initCipherForBlock. This issue is related to the initialization of the cipher for block decryption in the BinaryRC4Decryptor class.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.