XML External Entity Vulnerabilities in OpenText Documentum Webtop
CVE-2017-14527

8.8HIGH

Key Information:

Vendor: Opentext
Status: Documentum Administrator; Documentum Webtop
Vendor: CVE Published:; 28 September 2017

Summary

Multiple XML external entity (XXE) vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to exploit crafted XML documents. This can lead to unauthorized directory listing, file reading, denial of service incidents, or exposure of Documentum user hashes in Windows environments. Attackers may utilize specially crafted DTDs or XML files during various file operations to manipulate server behavior and gain unauthorized access to sensitive information.

References

http://seclists.org/fulldisclosure/2017/Sep/58

mailing-listx_refsource_FULLDISC

https://knowledge.opentext.com/knowledge/llisapi.dll/Open...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 28, 2017
Vulnerability Reserved
Sep 17, 2017