Open Redirect Vulnerabilities in OpenText Documentum Administrator
CVE-2017-14524

6.1MEDIUM

Key Information:

Vendor: Opentext
Status: Documentum Administrator; Documentum Webtop
Vendor: CVE Published:; 28 September 2017

Summary

OpenText Documentum Administrator 7.2.0180.0055 is exposed to multiple open redirect vulnerabilities. These vulnerabilities enable remote attackers to redirect users to arbitrary external websites. This is achieved through manipulation of specific parameters in the URL, namely the startat parameter to xda/help/en/default.htm and the redirectUrl parameter. If exploited, such vulnerabilities can facilitate phishing attacks, compromising user credentials and potentially leading to further security threats.

References

http://seclists.org/fulldisclosure/2017/Sep/57

mailing-listx_refsource_FULLDISC

https://knowledge.opentext.com/knowledge/llisapi.dll/Open...

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 28, 2017
Vulnerability Reserved
Sep 17, 2017